Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-61729 (GCVE-0-2025-61729)
Vulnerability from cvelistv5 – Published: 2025-12-02 18:54 – Updated: 2025-12-03 19:37- CWE-400 - Uncontrolled Resource Consumption
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | crypto/x509 |
Affected:
0 , < 1.24.11
(semver)
Affected: 1.25.0 , < 1.25.5 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T21:52:36.341575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:52:58.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/x509",
"product": "crypto/x509",
"programRoutines": [
{
"name": "Certificate.VerifyHostname"
},
{
"name": "Certificate.Verify"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.24.11",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.25.5",
"status": "affected",
"version": "1.25.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Philippe Antoine (Catena cyber)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T19:37:14.903Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/725920"
},
{
"url": "https://go.dev/issue/76445"
},
{
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"title": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-61729",
"datePublished": "2025-12-02T18:54:10.166Z",
"dateReserved": "2025-09-30T15:05:03.605Z",
"dateUpdated": "2025-12-03T19:37:14.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-61729",
"date": "2026-06-30",
"epss": "0.00451",
"percentile": "0.35925"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-61729\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2025-12-02T19:15:51.447\",\"lastModified\":\"2026-06-17T09:50:48.507\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"crypto/x509\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"crypto/x509\",\"programRoutines\":[{\"name\":\"Certificate.VerifyHostname\"},{\"name\":\"Certificate.Verify\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.24.11\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.25.0\",\"lessThan\":\"1.25.5\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-12-02T21:52:36.341575Z\",\"id\":\"CVE-2025-61729\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.11\",\"matchCriteriaId\":\"F2E6FD2A-A487-4099-B91D-2429F286AC6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.25.0\",\"versionEndExcluding\":\"1.25.5\",\"matchCriteriaId\":\"39C03A37-B94B-46E4-B1C2-A70A870F8E53\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/725920\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/76445\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/8FJoBkPddm4\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2025-4155\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61729\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-02T21:52:36.341575Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-02T21:52:53.822Z\"}}], \"cna\": {\"title\": \"Excessive resource consumption when printing error string for host certificate validation in crypto/x509\", \"credits\": [{\"lang\": \"en\", \"value\": \"Philippe Antoine (Catena cyber)\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/x509\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.24.11\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.25.0\", \"lessThan\": \"1.25.5\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/x509\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Certificate.VerifyHostname\"}, {\"name\": \"Certificate.Verify\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/725920\"}, {\"url\": \"https://go.dev/issue/76445\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/8FJoBkPddm4\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2025-4155\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2025-12-03T19:37:14.903Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-61729\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-03T19:37:14.903Z\", \"dateReserved\": \"2025-09-30T15:05:03.605Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2025-12-02T18:54:10.166Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:6184
Vulnerability from csaf_redhat - Published: 2026-03-30 13:41 - Updated: 2026-07-01 00:17A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Data Foundation 4.19.13 security, enhancement \u0026 bug fix update",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Data Foundation 4.19.13 security, enhancement \u0026 bug fix update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6184",
"url": "https://access.redhat.com/errata/RHSA-2026:6184"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6184.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.19.13 security, enhancement \u0026 bug fix update",
"tracking": {
"current_release_date": "2026-07-01T00:17:05+00:00",
"generator": {
"date": "2026-07-01T00:17:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:6184",
"initial_release_date": "2026-03-30T13:41:49+00:00",
"revision_history": [
{
"date": "2026-03-30T13:41:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-16T09:34:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:17:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Openshift Data Foundation 4.19",
"product": {
"name": "Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_data_foundation:4.19::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Openshift Data Foundation"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379712"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3Ae527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379710"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-operator-bundle@sha256%3A1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"product_id": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256%3A09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774432831"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379856"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-operator-bundle@sha256%3A74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439387"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3Aa3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379911"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3Aea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379915"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"product_id": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256%3A7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439395"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379986"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"product_id": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cloudnative-pg-rhel9-operator@sha256%3Ae41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3Ab900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Aee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256%3Abed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"product_id": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-dependencies-operator-bundle@sha256%3Abb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439410"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3Ad5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380190"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256%3Ab865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439406"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"product_id": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256%3A1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439415"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"product_id": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-prometheus-operator-bundle@sha256%3A05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439421"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"product_id": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256%3A146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439418"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"product_id": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256%3A0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439430"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380409"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"product_id": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-recipe-operator-bundle@sha256%3A527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439451"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3Abd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"product_id": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-operator-bundle@sha256%3A6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439437"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379712"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3A7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379710"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774432831"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379856"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379911"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3A696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379915"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379986"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cloudnative-pg-rhel9-operator@sha256%3A65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3A093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Ab481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3Af6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380190"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3Adf81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380409"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3A172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380526"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3Ab8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379712"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3Ae957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379710"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3Aacdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774432831"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379856"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379911"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3A6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379915"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3Ab5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379986"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"product_id": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cloudnative-pg-rhel9-operator@sha256%3Ae03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3A2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Ab5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3Abf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380190"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3Aee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380409"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3A4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380526"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3A15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379710"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774432831"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379856"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379911"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3Aa04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379915"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379986"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"product_id": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cloudnative-pg-rhel9-operator@sha256%3A1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3Aef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3A5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3Aae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3Af05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380190"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3Ada49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380409"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3Aa9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380526"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T13:41:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.19/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6184"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T13:41:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.19/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6184"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:6192
Vulnerability from csaf_redhat - Published: 2026-03-30 15:41 - Updated: 2026-07-01 00:12A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in Traefik's plugin installation mechanism. This vulnerability allows remote code execution, privilege escalation, persistence, or application-level denial of service via a crafted ZIP archive exploiting a path traversal vector.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability exists in the ACME TLS-ALPN fast path, where unauthenticated clients can exploit it. By initiating numerous connections and sending a minimal ClientHello with "acme-tls/1" before ceasing communication, a malicious client can indefinitely tie up system resources such as "go routines" (lightweight threads) and file descriptors. This leads to a Denial of Service (DoS) of the entry point, making the service unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the `path-reservations` system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially crafted tar archive containing filenames that cause these collisions, bypassing internal concurrency safeguards. Successful exploitation can lead to arbitrary file overwrite.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in Fastify, a web framework for Node.js. A remote attacker can exploit a validation bypass vulnerability by appending a tab character followed by arbitrary content to the Content-Type header. This circumvents the request body validation schemas, allowing the server to process the body as the original content type without proper validation. This could lead to unexpected data processing and potential integrity impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. An unauthenticated client can exploit this vulnerability by sending a specific 8-byte Postgres SSLRequest (STARTTLS) prelude and then intentionally delaying further communication. This action bypasses Traefik's configured read timeouts, causing connections to remain open indefinitely. The primary consequence is a Denial of Service, as the server's resources become exhausted by these persistent, non-responsive connections.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the archive, bypassing existing path protections. This can lead to unauthorized access and modification of sensitive system files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.27.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\nThe 3.27 release is based on Eclipse Che 7.115 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\nUsers still using the v1 standard should migrate as soon as possible.\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\nDev Spaces supports OpenShift EUS releases v4.16 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates.\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6192",
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.27/html/administration_guide/installing-devspaces",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.27/html/administration_guide/installing-devspaces"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13465",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-54386",
"url": "https://access.redhat.com/security/cve/CVE-2025-54386"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1002",
"url": "https://access.redhat.com/security/cve/CVE-2026-1002"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22045",
"url": "https://access.redhat.com/security/cve/CVE-2026-22045"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-23745",
"url": "https://access.redhat.com/security/cve/CVE-2026-23745"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-23950",
"url": "https://access.redhat.com/security/cve/CVE-2026-23950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24842",
"url": "https://access.redhat.com/security/cve/CVE-2026-24842"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25223",
"url": "https://access.redhat.com/security/cve/CVE-2026-25223"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25949",
"url": "https://access.redhat.com/security/cve/CVE-2026-25949"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26960",
"url": "https://access.redhat.com/security/cve/CVE-2026-26960"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6192.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.27.0 Release.",
"tracking": {
"current_release_date": "2026-07-01T00:12:24+00:00",
"generator": {
"date": "2026-07-01T00:12:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:6192",
"initial_release_date": "2026-03-30T15:41:48+00:00",
"revision_history": [
{
"date": "2026-03-30T15:41:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-30T15:41:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:12:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3.27",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3.27::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Adf538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774070844"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774448966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Ad0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774422248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774155063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774476526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774587761"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774414236"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Ab260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774607447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Ade4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774228740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774227265"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774451954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774143680"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774070844"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774448966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Aca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774422248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Ad160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774155063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Aff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774476526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774587761"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774414236"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3A70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Ab47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Ab98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774607447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Addbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774228740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3Ae9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774227265"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Af6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774451954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Adb2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774143680"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774070844"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3Acad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774448966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774422248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Aacaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774155063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774476526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774587761"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774414236"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Ac82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Aaae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Ab317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774607447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3Ac51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774228740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3Ab5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774227265"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774451954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774143680"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774448966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Aed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774422248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774155063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Ae139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774476526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774587761"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3Aed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774414236"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Aef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774607447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256%3Ad25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774609756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Ab6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774228740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774227265"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Acef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774451954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Ae5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774143680"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Ae095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774070844"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13465",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2026-01-21T20:01:28.774829+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: prototype pollution in _.unset and _.omit functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP component have been updated to low and moderate, respectively.\n\nThe lodash dependency is bundled and used by the pcs-web-ui component of the PCS package. In Red Hat Enterprise Linux 8.10, the pcs-web-ui component is no longer included in the PCS package. As a result, RHEL 8.10 does not ship the vulnerable lodash component within PCS and is therefore not-affected by this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "RHBZ#2431740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-01-21T19:05:28.846000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: prototype pollution in _.unset and _.omit functions"
},
{
"cve": "CVE-2025-54386",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-02T00:00:54.513784+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2386070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik\u0027s plugin installation mechanism. This vulnerability allows remote code execution, privilege escalation, persistence, or application-level denial of service via a crafted ZIP archive exploiting a path traversal vector.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "traefik: Traefik\u0027s Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-54386"
},
{
"category": "external",
"summary": "RHBZ#2386070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-54386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54386"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-54386",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54386"
},
{
"category": "external",
"summary": "https://github.com/traefik/plugin-service/pull/71",
"url": "https://github.com/traefik/plugin-service/pull/71"
},
{
"category": "external",
"summary": "https://github.com/traefik/plugin-service/pull/72",
"url": "https://github.com/traefik/plugin-service/pull/72"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800",
"url": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/pull/11911",
"url": "https://github.com/traefik/traefik/pull/11911"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.28",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.28"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg"
}
],
"release_date": "2025-08-01T23:32:21.747000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "traefik: Traefik\u0027s Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.\n\nThis flaw is present in the command line interface of the nodejs-glob package. When the package is used by npm, the command line interface is not used at all, so it cannot be triggered. However, the command line interface implementation is still present on the system, but not directly exposed to the user\u0027s $PATH. To reflect this condition, nodejs packages have been rated with a low severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-1002",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-01-15T21:03:20.088599+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430180"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability allows a remote attacker to block access to specific static files, such as images, CSS or HTML files. However, the underlying Vert.x server, the API endpoints and other non-cached resources are not affected. Due to this reason, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1002"
},
{
"category": "external",
"summary": "RHBZ#2430180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1002"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5895",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5895"
}
],
"release_date": "2026-01-15T20:50:25.642000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, consider disabling the static handler cache by configuring the StaticHandler instance with setCachingEnabled(false), for example:\n\n~~~\nStaticHandler staticHandler = StaticHandler.create().setCachingEnabled(false);\n~~~",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files"
},
{
"cve": "CVE-2026-22045",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-15T23:01:12.589198+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430198"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability exists in the ACME TLS-ALPN fast path, where unauthenticated clients can exploit it. By initiating numerous connections and sending a minimal ClientHello with \"acme-tls/1\" before ceasing communication, a malicious client can indefinitely tie up system resources such as \"go routines\" (lightweight threads) and file descriptors. This leads to a Denial of Service (DoS) of the entry point, making the service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "traefik: Traefik: Denial of Service via ACME TLS-ALPN fast path resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. In the Red Hat context, this flaw affects Traefik as deployed in Red Hat OpenShift Dev Spaces. An unauthenticated attacker can exploit the ACME TLS-ALPN fast path to exhaust system resources, leading to a denial of service of the entry point.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22045"
},
{
"category": "external",
"summary": "RHBZ#2430198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430198"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22045"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22045",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22045"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/commit/e9f3089e9045812bcf1b410a9d40568917b26c3d",
"url": "https://github.com/traefik/traefik/commit/e9f3089e9045812bcf1b410a9d40568917b26c3d"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.35",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.35"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.6.7",
"url": "https://github.com/traefik/traefik/releases/tag/v3.6.7"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-cwjm-3f7h-9hwq",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-cwjm-3f7h-9hwq"
}
],
"release_date": "2026-01-15T22:44:05.423000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "traefik: Traefik: Denial of Service via ACME TLS-ALPN fast path resource exhaustion"
},
{
"cve": "CVE-2026-23745",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-16T23:01:26.508727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430538"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the node-tar library. The flaw allows an attacker to perform arbitrary file overwrite and symlink poisoning by crafting malicious tar archives. This occurs due to insufficient path sanitization of hardlink and symbolic link entries, even when the default secure behavior (preservePaths is false) is enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23745"
},
{
"category": "external",
"summary": "RHBZ#2430538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e",
"url": "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97"
}
],
"release_date": "2026-01-16T22:00:08.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives"
},
{
"cve": "CVE-2026-23950",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-01-20T02:00:55.870044+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431036"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the `path-reservations` system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially crafted tar archive containing filenames that cause these collisions, bypassing internal concurrency safeguards. Successful exploitation can lead to arbitrary file overwrite.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The `node-tar` library is susceptible to a race condition due to incomplete handling of Unicode path collisions, which can lead to arbitrary file overwrites via symlink poisoning. However, this issue primarily affects case-insensitive or normalization-insensitive filesystems. Red Hat Enterprise Linux and other Red Hat products typically utilize case-sensitive filesystems, which may limit the direct impact of this flaw in default configurations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23950"
},
{
"category": "external",
"summary": "RHBZ#2431036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431036"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23950"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6",
"url": "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w"
}
],
"release_date": "2026-01-20T00:40:48.510000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
},
{
"cve": "CVE-2026-24842",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2026-01-28T01:01:16.886629+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433645"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT vulnerability in node-tar, a Node.js module for handling TAR archives. The flaw allows an attacker to bypass path traversal protections by crafting a malicious TAR archive. This could lead to the creation of hardlinks to arbitrary files outside the intended extraction directory, potentially resulting in unauthorized information disclosure or further system compromise in affected Red Hat products utilizing node-tar for archive processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24842"
},
{
"category": "external",
"summary": "RHBZ#2433645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46",
"url": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v"
}
],
"release_date": "2026-01-28T00:20:13.261000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check"
},
{
"cve": "CVE-2026-25223",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2026-02-03T22:01:19.884891+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436560"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fastify, a web framework for Node.js. A remote attacker can exploit a validation bypass vulnerability by appending a tab character followed by arbitrary content to the Content-Type header. This circumvents the request body validation schemas, allowing the server to process the body as the original content type without proper validation. This could lead to unexpected data processing and potential integrity impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Fastify: Fastify: Validation bypass due to malformed Content-Type header leading to integrity impact",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT vulnerability in Fastify, a Node.js web framework, allows remote attackers to bypass request body validation by manipulating the Content-Type header. This can lead to unexpected data processing and integrity issues in applications. Red Hat products such as Red Hat Enterprise Linux AI, Red Hat OpenShift AI, and Red Hat OpenShift Dev Spaces are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25223"
},
{
"category": "external",
"summary": "RHBZ#2436560",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436560"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25223",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25223"
},
{
"category": "external",
"summary": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization",
"url": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125",
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272",
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821",
"url": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq",
"url": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3464114",
"url": "https://hackerone.com/reports/3464114"
}
],
"release_date": "2026-02-03T21:21:40.268000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Fastify: Fastify: Validation bypass due to malformed Content-Type header leading to integrity impact"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25949",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-02-12T21:01:13.761844+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439522"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik, an HTTP reverse proxy and load balancer. An unauthenticated client can exploit this vulnerability by sending a specific 8-byte Postgres SSLRequest (STARTTLS) prelude and then intentionally delaying further communication. This action bypasses Traefik\u0027s configured read timeouts, causing connections to remain open indefinitely. The primary consequence is a Denial of Service, as the server\u0027s resources become exhausted by these persistent, non-responsive connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/traefik/traefik: Traefik: Denial of Service via stalled STARTTLS requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT denial of service flaw in Traefik, an HTTP reverse proxy and load balancer, affecting Red Hat OpenShift Dev Spaces. An unauthenticated client can exploit this by sending a specific STARTTLS request and then stalling, which bypasses configured read timeouts and causes connections to remain open indefinitely, leading to resource exhaustion.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25949"
},
{
"category": "external",
"summary": "RHBZ#2439522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25949"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/commit/31e566e9f1d7888ccb6fbc18bfed427203c35678",
"url": "https://github.com/traefik/traefik/commit/31e566e9f1d7888ccb6fbc18bfed427203c35678"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.6.8",
"url": "https://github.com/traefik/traefik/releases/tag/v3.6.8"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-89p3-4642-cr2w",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-89p3-4642-cr2w"
}
],
"release_date": "2026-02-12T20:01:19.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/traefik/traefik: Traefik: Denial of Service via stalled STARTTLS requests"
},
{
"cve": "CVE-2026-26960",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-20T02:01:07.883769+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the archive, bypassing existing path protections. This can lead to unauthorized access and modification of sensitive system files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat environments, this condition introduces a significant constraint, as exploitation requires user interaction and reliance on unsafe handling of externally supplied archives. The attack is not remotely exploitable in isolation and depends on a user or service processing attacker-controlled input.\n\nFurthermore, the impact of the vulnerability is limited to the privileges of the extracting process. In typical Red Hat deployments, archive extraction is performed by non-privileged users or within confined environments such as containers or restricted service contexts, which limits the scope of potential damage.\n\nRed Hat analysis also notes that this issue does not provide a direct mechanism for code execution or privilege escalation, but rather enables file system manipulation within the boundaries of the executing user\u2019s permissions.\n\nGiven the requirement for user-assisted exploitation, the absence of a direct remote attack vector, and the confinement of impact to the privileges of the extracting process, Red Hat considers the practical risk to be lower than the generalized NVD assessment. As a result, this vulnerability is classified as Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26960"
},
{
"category": "external",
"summary": "RHBZ#2441253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384",
"url": "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f",
"url": "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx"
}
],
"release_date": "2026-02-20T01:07:52.979000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
}
]
}
RHSA-2026:6226
Vulnerability from csaf_redhat - Published: 2026-03-31 02:53 - Updated: 2026-07-01 06:09A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — |
An excessive resource consumption flaw has been discovered in the jsPDF npm library. Passing a maliciously crafted PNG file to the library may result in high CPU usage and a denial of service of the program the library is being used in.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
Workaround
|
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
Workaround
|
A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested responseType: 'stream'.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
Workaround
|
A symlink validation bypass flaw has been discovered in the npm tar-fs library. Affected versions are vulnerable to a symlink validation bypass if the destination directory is predictable with a specific tarball.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
A flaw was found in nats-server. The WebSockets implementation fails to enforce a memory allocation limit during the decompression of WebSocket messages. A malicious compressed payload allows an attacker to cause an excessive memory consumption, eventually resulting in a server crash and a complete denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multicluster Global Hub v1.6.2 general availability release images, which provide security fixes, bug fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. \nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6226",
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47907",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-57810",
"url": "https://access.redhat.com/security/cve/CVE-2025-57810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58754",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59343",
"url": "https://access.redhat.com/security/cve/CVE-2025-59343"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27571",
"url": "https://access.redhat.com/security/cve/CVE-2026-27571"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6226.json"
}
],
"title": "Red Hat Security Advisory: Multicluster Global Hub 1.6.2 security update",
"tracking": {
"current_release_date": "2026-07-01T06:09:58+00:00",
"generator": {
"date": "2026-07-01T06:09:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:6226",
"initial_release_date": "2026-03-31T02:53:32+00:00",
"revision_history": [
{
"date": "2026-03-31T02:53:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-31T02:53:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T06:09:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Multicluster Global Hub 1.6.2",
"product": {
"name": "Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_globalhub:1.6::el9"
}
}
}
],
"category": "product_family",
"name": "Multicluster Global Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Ab7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Af244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256%3A9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774364330"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ad4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774362315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649712"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ab59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774362315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649712"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Acbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ab5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774362315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649712"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774362315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Abe5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649712"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47907",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2025-08-07T16:01:06.247481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387083"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "database/sql: Postgres Scan Race Condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Moderate severity issues rather than Important. The os/exec LookPath flaw requires a misconfigured PATH to be exploitable, and the database/sql race condition primarily impacts applications that cancel queries while running multiple queries concurrently. Both can cause unexpected behavior, but the exploitation scope is limited and unlikely to result in direct compromise in most typical deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "RHBZ#2387083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://go.dev/cl/693735",
"url": "https://go.dev/cl/693735"
},
{
"category": "external",
"summary": "https://go.dev/issue/74831",
"url": "https://go.dev/issue/74831"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3849",
"url": "https://pkg.go.dev/vuln/GO-2025-3849"
}
],
"release_date": "2025-08-07T15:25:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "database/sql: Postgres Scan Race Condition"
},
{
"cve": "CVE-2025-57810",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-08-26T16:01:25.508363+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2391077"
}
],
"notes": [
{
"category": "description",
"text": "An excessive resource consumption flaw has been discovered in the jsPDF npm library. Passing a maliciously crafted PNG file to the library may result in high CPU usage and a denial of service of the program the library is being used in.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jspdf: jsPDF Denial of Service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The availability impact of this flaw is limited on Red Hat systems as the host operating system is not at risk of degradation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-57810"
},
{
"category": "external",
"summary": "RHBZ#2391077",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391077"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-57810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-57810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57810"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9",
"url": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/pull/3880",
"url": "https://github.com/parallax/jsPDF/pull/3880"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2",
"url": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw",
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
}
],
"release_date": "2025-08-26T15:37:28.071000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jspdf: jsPDF Denial of Service (DoS)"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58754",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-12T02:00:53.897605+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394735"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response.\nThis path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested responseType: \u0027stream\u0027.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios DoS via lack of data size check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impact is limited to the application which bundles axios and not the host Red Hat system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "RHBZ#2394735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593",
"url": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/7011",
"url": "https://github.com/axios/axios/pull/7011"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.12.0",
"url": "https://github.com/axios/axios/releases/tag/v1.12.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj",
"url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
}
],
"release_date": "2025-09-12T01:16:40.513000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios DoS via lack of data size check"
},
{
"cve": "CVE-2025-59343",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-09-24T18:01:19.612438+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397901"
}
],
"notes": [
{
"category": "description",
"text": "A symlink validation bypass flaw has been discovered in the npm tar-fs library. Affected versions are vulnerable to a symlink validation bypass if the destination directory is predictable with a specific tarball.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: tar-fs symlink validation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59343"
},
{
"category": "external",
"summary": "RHBZ#2397901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09",
"url": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v",
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v"
}
],
"release_date": "2025-09-24T17:43:34.728000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: tar-fs symlink validation bypass"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-27571",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-02-24T17:04:11.684134+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442401"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nats-server. The WebSockets implementation fails to enforce a memory allocation limit during the decompression of WebSocket messages. A malicious compressed payload allows an attacker to cause an excessive memory consumption, eventually resulting in a server crash and a complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: WebSockets pre-auth memory DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not require valid NATS credentials to be exploited as the use of compression is negotiated before the authentication process. However, only deployments using WebSockets and that are exposed to untrusted network endpoints are vulnerable to this issue, limiting its exposure. Due to these reasons, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27571"
},
{
"category": "external",
"summary": "RHBZ#2442401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442401"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27571",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27571"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27571",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27571"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/f77fb7c4535e6727cc1a2899cd8e6bbdd8ba2017",
"url": "https://github.com/nats-io/nats-server/commit/f77fb7c4535e6727cc1a2899cd8e6bbdd8ba2017"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/releases/tag/v2.11.12",
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.11.12"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/releases/tag/v2.12.3",
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.3"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw"
}
],
"release_date": "2026-02-24T15:59:17.926000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nats-server: WebSockets pre-auth memory DoS"
}
]
}
RHSA-2026:6428
Vulnerability from csaf_redhat - Published: 2026-04-02 07:50 - Updated: 2026-07-01 05:58A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x | — |
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x | — |
Workaround
|
A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the archive, bypassing existing path protections. This can lead to unauthorized access and modification of sensitive system files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x | — |
Workaround
|
A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x | — |
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Network Observability 1.11 for Red Hat OpenShift.",
"title": "Topic"
},
{
"category": "general",
"text": "Network flows collector and monitoring solution.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6428",
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26960",
"url": "https://access.redhat.com/security/cve/CVE-2026-26960"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29063",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/observability/network_observability/network-observability-operator-release-notes.html",
"url": "https://docs.openshift.com/container-platform/latest/observability/network_observability/network-observability-operator-release-notes.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6428.json"
}
],
"title": "Red Hat Security Advisory: Network Observability 1.11.1 for OpenShift",
"tracking": {
"current_release_date": "2026-07-01T05:58:03+00:00",
"generator": {
"date": "2026-07-01T05:58:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:6428",
"initial_release_date": "2026-04-02T07:50:38+00:00",
"revision_history": [
{
"date": "2026-04-02T07:50:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-02T07:50:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T05:58:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Network Observability (NETOBSERV) 1.11.2",
"product": {
"name": "Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_observ_optr:1.11::el9"
}
}
}
],
"category": "product_family",
"name": "Network Observability (NETOBSERV)"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256%3A7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1773997913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256%3A2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774887582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256%3A30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1773992622"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-compat-rhel9@sha256%3A40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774431392"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256%3A3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774431617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256%3A325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774962696"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256%3A13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774859742"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256%3A5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1773997913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256%3Adc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774887582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256%3A05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1773992622"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-compat-rhel9@sha256%3A115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774431392"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256%3A1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774431617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256%3A4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774859742"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256%3A791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1773997913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256%3A9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774887582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256%3Ab0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1773992622"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-compat-rhel9@sha256%3A03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774431392"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256%3A222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774431617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256%3Ab5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774859742"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256%3Aa72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1773997913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256%3A880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774887582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256%3Aa90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1773992622"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-compat-rhel9@sha256%3A17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774431392"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256%3A51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774431617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256%3Adc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774859742"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T07:50:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T07:50:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T07:50:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T07:50:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T07:50:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-26960",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-20T02:01:07.883769+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the archive, bypassing existing path protections. This can lead to unauthorized access and modification of sensitive system files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat environments, this condition introduces a significant constraint, as exploitation requires user interaction and reliance on unsafe handling of externally supplied archives. The attack is not remotely exploitable in isolation and depends on a user or service processing attacker-controlled input.\n\nFurthermore, the impact of the vulnerability is limited to the privileges of the extracting process. In typical Red Hat deployments, archive extraction is performed by non-privileged users or within confined environments such as containers or restricted service contexts, which limits the scope of potential damage.\n\nRed Hat analysis also notes that this issue does not provide a direct mechanism for code execution or privilege escalation, but rather enables file system manipulation within the boundaries of the executing user\u2019s permissions.\n\nGiven the requirement for user-assisted exploitation, the absence of a direct remote attack vector, and the confinement of impact to the privileges of the extracting process, Red Hat considers the practical risk to be lower than the generalized NVD assessment. As a result, this vulnerability is classified as Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26960"
},
{
"category": "external",
"summary": "RHBZ#2441253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384",
"url": "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f",
"url": "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx"
}
],
"release_date": "2026-02-20T01:07:52.979000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T07:50:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation"
},
{
"cve": "CVE-2026-29063",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-06T19:00:57.982727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this vulnerability requires that an attacker is able to provide arbitrary data to clients of this library in a way that calls the affected functions with data the attacker controls. In most deployments, the ability to provide data in this fashion requires that an attacker has some degree of privileges to access the affected applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "RHBZ#2445291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw",
"url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"
}
],
"release_date": "2026-03-06T18:25:22.438000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T07:50:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T07:50:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
}
]
}
RHSA-2026:6568
Vulnerability from csaf_redhat - Published: 2026-04-03 22:07 - Updated: 2026-07-01 00:11A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect servers. The cache-backed state and request-token storage within Authlib is not securely linked to the user's initiating session. This vulnerability allows a remote attacker to exploit a Cross-Site Request Forgery (CSRF) by obtaining a valid state, which can lead to unauthorized actions being performed on behalf of the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by hanging the process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an invalid signature without retrying. This vulnerability allows an attacker to recover the private key used for signing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect (OIDC) servers. This vulnerability allows a remote attacker to bypass critical integrity checks in OIDC ID Tokens. Specifically, the library's internal hash verification logic fails open when encountering an unsupported cryptographic algorithm, accepting a forged ID Token as valid. This can lead to an authentication bypass, granting unauthorized access to systems relying on Authlib for OIDC authentication.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.15.4 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.15.4",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6568",
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68158",
"url": "https://access.redhat.com/security/cve/CVE-2025-68158"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26007",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27628",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28498",
"url": "https://access.redhat.com/security/cve/CVE-2026-28498"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29063",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-30922",
"url": "https://access.redhat.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32597",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4598",
"url": "https://access.redhat.com/security/cve/CVE-2026-4598"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4599",
"url": "https://access.redhat.com/security/cve/CVE-2026-4599"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4600",
"url": "https://access.redhat.com/security/cve/CVE-2026-4600"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4601",
"url": "https://access.redhat.com/security/cve/CVE-2026-4601"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4602",
"url": "https://access.redhat.com/security/cve/CVE-2026-4602"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6568.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.15.4",
"tracking": {
"current_release_date": "2026-07-01T00:11:46+00:00",
"generator": {
"date": "2026-07-01T00:11:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:6568",
"initial_release_date": "2026-04-03T22:07:28+00:00",
"revision_history": [
{
"date": "2026-04-03T22:07:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-03T22:07:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:11:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.15",
"product": {
"name": "Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.15::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774980222"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979159"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Aebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774980224"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aa1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979227"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775183105"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775227789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775249999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Adec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775250489"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774984603"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ac72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169219"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Acde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979159"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979227"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775227789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775249999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ae5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774984603"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169219"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979159"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ad6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979227"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775227789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775249999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774984603"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Abe166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169219"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2025-68158",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2026-01-08T19:01:41.615962+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428102"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect servers. The cache-backed state and request-token storage within Authlib is not securely linked to the user\u0027s initiating session. This vulnerability allows a remote attacker to exploit a Cross-Site Request Forgery (CSRF) by obtaining a valid state, which can lead to unauthorized actions being performed on behalf of the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Authlib: Authlib: Cross-Site Request Forgery due to improper session management in state storage",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products utilizing Authlib, such as Red Hat Ansible Automation Platform, Hosted OpenShift Clusters, Red Hat Quay, and Red Hat Satellite. The flaw arises from improper session management in Authlib\u0027s cache-backed state storage, allowing a remote attacker to perform Cross-Site Request Forgery (CSRF) by obtaining a valid state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68158"
},
{
"category": "external",
"summary": "RHBZ#2428102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428102"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68158"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489",
"url": "https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/7974f45e4d7492ab5f527577677f2770ce423228",
"url": "https://github.com/authlib/authlib/commit/7974f45e4d7492ab5f527577677f2770ce423228"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-fg6f-75jq-6523",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-fg6f-75jq-6523"
}
],
"release_date": "2026-01-08T17:58:17.724000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Authlib: Authlib: Cross-Site Request Forgery due to improper session management in state storage"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-4598",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-03-23T06:01:47.891452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by hanging the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: A denial of service flaw was found in jsrsasign. This vulnerability allows a remote attacker to cause a permanent denial of service by providing specially crafted zero or negative inputs to the bnModInverse function, leading to an infinite loop. This affects Red Hat Migration Toolkit for Virtualization and Red Hat Quay, which utilize the vulnerable jsrsasign component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4598"
},
{
"category": "external",
"summary": "RHBZ#2450210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264",
"url": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323",
"url": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/648",
"url": "https://github.com/kjur/jsrsasign/pull/648"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938"
}
],
"release_date": "2026-03-23T05:00:11.571000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs"
},
{
"cve": "CVE-2026-4599",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2026-03-23T06:01:34.008562+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450207"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4599"
},
{
"category": "external",
"summary": "RHBZ#2450207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4599",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4599"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4599",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4599"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20",
"url": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1",
"url": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/647",
"url": "https://github.com/kjur/jsrsasign/pull/647"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939"
}
],
"release_date": "2026-03-23T05:00:12.522000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces"
},
{
"cve": "CVE-2026-4600",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-23T06:01:39.334925+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450208"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT. The flaw in jsrsasign allows an attacker to forge Digital Signature Algorithm (DSA) signatures or X.509 certificates by providing malicious domain parameters during validation. This could lead to unauthorized access or data manipulation in affected Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, where jsrsasign is utilized for cryptographic signature verification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4600"
},
{
"category": "external",
"summary": "RHBZ#2450208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4600",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4600"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4600",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4600"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7",
"url": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60",
"url": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/646",
"url": "https://github.com/kjur/jsrsasign/pull/646"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940"
}
],
"release_date": "2026-03-23T05:00:08.475000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters"
},
{
"cve": "CVE-2026-4601",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-03-23T06:01:44.014846+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450209"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an invalid signature without retrying. This vulnerability allows an attacker to recover the private key used for signing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: A flaw in the jsrsasign library allows for private key recovery due to a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process. An attacker can manipulate signature generation within the KJUR.crypto.DSA.signWithMessageHash function to force specific values, enabling the recovery of the private key. This impacts Red Hat products utilizing jsrsasign, such as Migration Toolkit for Virtualization and Red Hat Quay.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4601"
},
{
"category": "external",
"summary": "RHBZ#2450209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4601"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586",
"url": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb",
"url": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/645",
"url": "https://github.com/kjur/jsrsasign/pull/645"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941"
}
],
"release_date": "2026-03-23T05:00:13.312000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing"
},
{
"cve": "CVE-2026-4602",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"discovery_date": "2026-03-23T06:01:28.729668+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450206"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT flaw. The `jsrsasign` library, as used in Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, is vulnerable to a signature verification bypass. A remote attacker could provide a specially crafted negative exponent to the `modPow` function, leading to incorrect modular inverse computations and allowing them to bypass signature verification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4602"
},
{
"category": "external",
"summary": "RHBZ#2450206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450206"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4602"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5",
"url": "https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195",
"url": "https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/650",
"url": "https://github.com/kjur/jsrsasign/pull/650"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175"
}
],
"release_date": "2026-03-23T05:00:10.567000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26007",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-02-10T22:01:01.036116+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438762"
}
],
"notes": [
{
"category": "description",
"text": "A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw, while difficult to exploit, would lead to a loss of integrity in the encrypted communication channel. Given that the cryptography package is a library, it is likely to be used in situations that do not require user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "RHBZ#2438762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
"url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
}
],
"release_date": "2026-02-10T21:42:56.471000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27628",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-25T04:02:09.864561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442543"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "RHBZ#2442543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f",
"url": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/issues/3654",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
}
],
"release_date": "2026-02-25T02:45:37.543000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-28498",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-03-16T19:02:00.128339+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect (OIDC) servers. This vulnerability allows a remote attacker to bypass critical integrity checks in OIDC ID Tokens. Specifically, the library\u0027s internal hash verification logic fails open when encountering an unsupported cryptographic algorithm, accepting a forged ID Token as valid. This can lead to an authentication bypass, granting unauthorized access to systems relying on Authlib for OIDC authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT vulnerability in Authlib allows attackers to bypass OIDC ID Token integrity verification. The at_hash and c_hash validation fails open for unknown algorithms, accepting forged tokens as valid. Exploitation requires no authentication or user interaction. Impact is high to confidentiality and integrity. Red Hat products using Authlib for OIDC validation are affected. Fixed in version 1.6.9.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28498"
},
{
"category": "external",
"summary": "RHBZ#2448182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28498",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28498"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b",
"url": "https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j"
}
],
"release_date": "2026-03-16T18:03:28.821000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
},
{
"cve": "CVE-2026-29063",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-06T19:00:57.982727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this vulnerability requires that an attacker is able to provide arbitrary data to clients of this library in a way that calls the affected functions with data the attacker controls. In most deployments, the ability to provide data in this fashion requires that an attacker has some degree of privileges to access the affected applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "RHBZ#2445291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw",
"url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"
}
],
"release_date": "2026-03-06T18:25:22.438000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-30922",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-03-18T04:02:45.401296+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448553"
}
],
"notes": [
{
"category": "description",
"text": "An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "RHBZ#2448553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-30922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0",
"url": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r",
"url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r"
}
],
"release_date": "2026-03-18T02:29:45.857000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion"
},
{
"cve": "CVE-2026-32597",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-12T22:01:29.967713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447194"
}
],
"notes": [
{
"category": "description",
"text": "A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 \u00a74.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "RHBZ#2447194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f"
}
],
"release_date": "2026-03-12T21:41:50.427000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)"
}
]
}
RHSA-2026:7052
Vulnerability from csaf_redhat - Published: 2026-04-08 12:26 - Updated: 2026-07-01 00:13A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Logging for Red Hat OpenShift - 6.0.14",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Logging 6.0.14 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7052",
"url": "https://access.redhat.com/errata/RHSA-2026:7052"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7052.json"
}
],
"title": "Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.0.14",
"tracking": {
"current_release_date": "2026-07-01T00:13:44+00:00",
"generator": {
"date": "2026-07-01T00:13:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7052",
"initial_release_date": "2026-04-08T12:26:52+00:00",
"revision_history": [
{
"date": "2026-04-08T12:26:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-08T12:27:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:13:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Logging Subsystem for Red Hat OpenShift 6.0",
"product": {
"name": "Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:6.0::el9"
}
}
}
],
"category": "product_family",
"name": "Logging Subsystem for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256%3Ad209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774968306"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256%3Ab9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774549440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"product_id": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256%3A40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774879689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"product_id": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256%3A350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774879741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"product_id": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256%3Abf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774880815"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"product_id": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256%3A17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774880783"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"product_id": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-operator-bundle@sha256%3A066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774968543"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"product_id": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256%3A5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774890842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"product_id": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256%3Ac9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774881157"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"product_id": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256%3A95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774881153"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256%3A6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774549440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"product_id": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256%3Ad9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774879689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"product_id": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256%3A2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774879741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"product_id": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256%3Aa74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774880815"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"product_id": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256%3A492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774880783"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"product_id": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256%3Aa0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774890842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"product_id": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256%3A187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774881157"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"product_id": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256%3Ad44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774881153"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256%3A10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774549440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256%3Ac15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774879689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256%3A3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774879741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256%3A2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774880815"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256%3A3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774880783"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256%3A4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774890842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256%3A83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774881157"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256%3Ab37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774881153"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256%3A104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774549440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"product_id": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256%3Adc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774879689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"product_id": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256%3A2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774879741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"product_id": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256%3Ab07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774880815"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x",
"product_id": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256%3A6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774880783"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"product_id": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256%3A47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774890842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"product_id": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256%3Acec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774881157"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"product_id": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256%3A37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774881153"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T12:26:52+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/ocp-4-16-release-notes\n\nFor Red Hat OpenShift Logging 6.0, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.0",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7052"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T12:26:52+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/ocp-4-16-release-notes\n\nFor Red Hat OpenShift Logging 6.0, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.0",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7052"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T12:26:52+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/ocp-4-16-release-notes\n\nFor Red Hat OpenShift Logging 6.0, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.0",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7052"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:7291
Vulnerability from csaf_redhat - Published: 2026-04-09 11:00 - Updated: 2026-07-01 06:09A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in "../", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A memory exhaustion flaw has been discovered in the golang encoding/asn1 module. Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the slice allocated are also multiple times larger than the input DER. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to cause memory exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A potential denial of service flaw has been discovered in golang's crypto/x509 module. Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional form of sanitization, and may allow injection of attacker controlled information into logs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A potential denial of service flaw has been discovered in the golang encoding/pem module. Due to the design of the PEM parsing function, the processing time for some inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs and may result in an unresponsive program should an attacker exploit it.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A denial of service vulnerability has been discovered in the golang net/mail module. The ParseAddress function constructed domain-literal address components through repeated string concatenation which when parsing large domain-literal components, could cause excessive CPU consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A TLS connection handling flaw has been discovered in the golang crypto/tls library. During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Golang's cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from non-standard sources due to how external Version Control System (VCS) commands are constructed. Additionally, on systems with Git installed, providing malicious version strings to the toolchain can enable an attacker to write to arbitrary files on the filesystem. This issue is triggered by explicitly supplying these malicious version strings.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A certificate validation flaw has been discovered in the golang crypto/x509 module. Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.
CWE-295 - Improper Certificate Validation| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A path traversal flaw has been discovered in the golang `os` module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/http2. A remote attacker can exploit this vulnerability by sending specially crafted HTTP/2 frames, which are data packets used in the HTTP/2 protocol. Due to a missing check for null values, processing these specific frames (types 0x0a through 0x0f) can cause the server to crash. This leads to a Denial of Service (DoS) condition, making the affected server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
An input escaping flaw has been discovered in the golang html/template module. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go's `archive/tar` package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the `tar.Reader` processes an archive containing a large number of sparse regions in the "old GNU sparse map" format, it can lead to unbounded memory allocation. This can result in a Denial of Service (DoS) condition, making the affected application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7291",
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27141",
"url": "https://access.redhat.com/security/cve/CVE-2026-27141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58190",
"url": "https://access.redhat.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47911",
"url": "https://access.redhat.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22873",
"url": "https://access.redhat.com/security/cve/CVE-2025-22873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68119",
"url": "https://access.redhat.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61732",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61731",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61725",
"url": "https://access.redhat.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61724",
"url": "https://access.redhat.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61723",
"url": "https://access.redhat.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58186",
"url": "https://access.redhat.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58185",
"url": "https://access.redhat.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58181",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47914",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47912",
"url": "https://access.redhat.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47910",
"url": "https://access.redhat.com/security/cve/CVE-2025-47910"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61730",
"url": "https://access.redhat.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58189",
"url": "https://access.redhat.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58187",
"url": "https://access.redhat.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58188",
"url": "https://access.redhat.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33809",
"url": "https://access.redhat.com/security/cve/CVE-2026-33809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32289",
"url": "https://access.redhat.com/security/cve/CVE-2026-32289"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32288",
"url": "https://access.redhat.com/security/cve/CVE-2026-32288"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32283",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27144",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27143",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61727",
"url": "https://access.redhat.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27139",
"url": "https://access.redhat.com/security/cve/CVE-2026-27139"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27138",
"url": "https://access.redhat.com/security/cve/CVE-2026-27138"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27142",
"url": "https://access.redhat.com/security/cve/CVE-2026-27142"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7291.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-01T06:09:58+00:00",
"generator": {
"date": "2026-07-01T06:09:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7291",
"initial_release_date": "2026-04-09T11:00:43+00:00",
"revision_history": [
{
"date": "2026-04-09T11:00:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-18T20:02:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T06:09:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@aarch64",
"product": {
"name": "golang1-26-main@aarch64",
"product_id": "golang1-26-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.2-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@src",
"product": {
"name": "golang1-26-main@src",
"product_id": "golang1-26-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.2-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@x86_64",
"product": {
"name": "golang1-26-main@x86_64",
"product_id": "golang1-26-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.2-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@noarch",
"product": {
"name": "golang1-26-main@noarch",
"product_id": "golang1-26-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26-docs@1.26.2-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@aarch64"
},
"product_reference": "golang1-26-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@noarch"
},
"product_reference": "golang1-26-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@src"
},
"product_reference": "golang1-26-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@x86_64"
},
"product_reference": "golang1-26-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22873",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-05T00:01:17.475869+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436992"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in \"../\", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os: os: Information disclosure via path traversal using specially crafted filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security classified this issue as Moderate.\n\nThe flaw exists in a local filesystem abstraction within the Go standard library, it can also be exploited remotely in applications that accept attacker-controlled path input over a network and pass it to Root.Open without proper validation. The attack complexity is low, as exploitation requires only appending \"../\" to the supplied path. However, the impact is limited: the flaw permits opening only the immediate parent directory, not arbitrary filesystem locations or files contained within that directory. There is no direct impact on file integrity or application availability. These constraints limit the practical exposure of the issue while still represents a boundary bypass and may expose unintended filesystem metadata. The issue does not permit traversal beyond the parent directory, modification of files, or broader system compromise, thereby constraining its overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22873"
},
{
"category": "external",
"summary": "RHBZ#2436992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436992"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22873"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2025/05/06/2",
"url": "http://www.openwall.com/lists/oss-security/2025/05/06/2"
},
{
"category": "external",
"summary": "https://go.dev/cl/670036",
"url": "https://go.dev/cl/670036"
},
{
"category": "external",
"summary": "https://go.dev/issue/73555",
"url": "https://go.dev/issue/73555"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4403",
"url": "https://pkg.go.dev/vuln/GO-2026-4403"
}
],
"release_date": "2026-02-04T23:05:24.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "os: os: Information disclosure via path traversal using specially crafted filenames"
},
{
"cve": "CVE-2025-47910",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2025-09-22T22:00:44.572202+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397528"
}
],
"notes": [
{
"category": "description",
"text": "A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: CrossOriginProtection bypass in net/http",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47910"
},
{
"category": "external",
"summary": "RHBZ#2397528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47910",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47910"
},
{
"category": "external",
"summary": "https://go.dev/cl/699275",
"url": "https://go.dev/cl/699275"
},
{
"category": "external",
"summary": "https://go.dev/issue/75054",
"url": "https://go.dev/issue/75054"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ",
"url": "https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3955",
"url": "https://pkg.go.dev/vuln/GO-2025-3955"
}
],
"release_date": "2025-09-22T21:01:55.440000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: CrossOriginProtection bypass in net/http"
},
{
"cve": "CVE-2025-47911",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2026-02-05T18:01:23.423406+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437109"
}
],
"notes": [
{
"category": "description",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "RHBZ#2437109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4440",
"url": "https://github.com/golang/vulndb/issues/4440"
},
{
"category": "external",
"summary": "https://go.dev/cl/709876",
"url": "https://go.dev/cl/709876"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4440",
"url": "https://pkg.go.dev/vuln/GO-2026-4440"
}
],
"release_date": "2026-02-05T17:48:44.562000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html"
},
{
"cve": "CVE-2025-47912",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-10-29T23:01:06.642219+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407247"
}
],
"notes": [
{
"category": "description",
"text": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "RHBZ#2407247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912"
},
{
"category": "external",
"summary": "https://go.dev/cl/709857",
"url": "https://go.dev/cl/709857"
},
{
"category": "external",
"summary": "https://go.dev/issue/75678",
"url": "https://go.dev/issue/75678"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4010",
"url": "https://pkg.go.dev/vuln/GO-2025-4010"
}
],
"release_date": "2025-10-29T22:10:13.435000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url"
},
{
"cve": "CVE-2025-47914",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-19T21:01:06.202641+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. The golang.org/x/crypto/ssh/agent library, when used in SSH Agent servers, does not properly validate the size of messages during new identity requests. A specially crafted malformed message can lead to an out-of-bounds read, causing the program to panic and resulting in a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "RHBZ#2416000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://go.dev/cl/721960",
"url": "https://go.dev/cl/721960"
},
{
"category": "external",
"summary": "https://go.dev/issue/76364",
"url": "https://go.dev/issue/76364"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4135",
"url": "https://pkg.go.dev/vuln/GO-2025-4135"
}
],
"release_date": "2025-11-19T20:33:43.126000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages"
},
{
"cve": "CVE-2025-58181",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-11-19T21:00:50.197590+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415997"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. SSH servers utilizing `golang.org/x/crypto/ssh` and configured to process GSSAPI authentication requests are susceptible to unbounded memory consumption. An attacker can exploit this by sending specially crafted GSSAPI authentication requests, potentially leading to a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "RHBZ#2415997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415997"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://go.dev/cl/721961",
"url": "https://go.dev/cl/721961"
},
{
"category": "external",
"summary": "https://go.dev/issue/76363",
"url": "https://go.dev/issue/76363"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4134",
"url": "https://pkg.go.dev/vuln/GO-2025-4134"
}
],
"release_date": "2025-11-19T20:33:42.795000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58185",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:25.877898+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407251"
}
],
"notes": [
{
"category": "description",
"text": "A memory exhaustion flaw has been discovered in the golang encoding/asn1 module. Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the slice allocated are also multiple times larger than the input DER. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to cause memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "RHBZ#2407251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407251"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd",
"url": "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd"
},
{
"category": "external",
"summary": "https://go.dev/cl/709856",
"url": "https://go.dev/cl/709856"
},
{
"category": "external",
"summary": "https://go.dev/issue/75671",
"url": "https://go.dev/issue/75671"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4011",
"url": "https://pkg.go.dev/vuln/GO-2025-4011"
}
],
"release_date": "2025-10-29T22:10:13.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1"
},
{
"cve": "CVE-2025-58186",
"discovery_date": "2025-10-29T23:01:22.260983+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407250"
}
],
"notes": [
{
"category": "description",
"text": "Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as \"a=;\", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "RHBZ#2407250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186"
},
{
"category": "external",
"summary": "https://go.dev/cl/709855",
"url": "https://go.dev/cl/709855"
},
{
"category": "external",
"summary": "https://go.dev/issue/75672",
"url": "https://go.dev/issue/75672"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4012",
"url": "https://pkg.go.dev/vuln/GO-2025-4012"
}
],
"release_date": "2025-10-29T22:10:13.912000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http"
},
{
"cve": "CVE-2025-58187",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:54.130980+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407259"
}
],
"notes": [
{
"category": "description",
"text": "A potential denial of service flaw has been discovered in golang\u0027s crypto/x509 module. Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "RHBZ#2407259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4",
"url": "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4"
},
{
"category": "external",
"summary": "https://go.dev/cl/709854",
"url": "https://go.dev/cl/709854"
},
{
"category": "external",
"summary": "https://go.dev/issue/75681",
"url": "https://go.dev/issue/75681"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4007",
"url": "https://pkg.go.dev/vuln/GO-2025-4007"
}
],
"release_date": "2025-10-29T22:10:12.624000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509"
},
{
"cve": "CVE-2025-58188",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2025-10-29T23:01:39.787633+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407255"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impacts are limited on Red Hat products as they do not affect the host systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "RHBZ#2407255",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407255"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9",
"url": "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9"
},
{
"category": "external",
"summary": "https://go.dev/cl/709853",
"url": "https://go.dev/cl/709853"
},
{
"category": "external",
"summary": "https://go.dev/issue/75675",
"url": "https://go.dev/issue/75675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4013",
"url": "https://pkg.go.dev/vuln/GO-2025-4013"
}
],
"release_date": "2025-10-29T22:10:14.143000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509"
},
{
"cve": "CVE-2025-58189",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2025-10-29T23:01:57.740310+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407260"
}
],
"notes": [
{
"category": "description",
"text": "The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional form of sanitization, and may allow injection of attacker controlled information into logs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "RHBZ#2407260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"category": "external",
"summary": "https://go.dev/cl/707776",
"url": "https://go.dev/cl/707776"
},
{
"category": "external",
"summary": "https://go.dev/issue/75652",
"url": "https://go.dev/issue/75652"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4008",
"url": "https://pkg.go.dev/vuln/GO-2025-4008"
}
],
"release_date": "2025-10-29T22:10:12.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information"
},
{
"cve": "CVE-2025-58190",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-05T18:01:26.511908+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437110"
}
],
"notes": [
{
"category": "description",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Infinite parsing loop in golang.org/x/net",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "RHBZ#2437110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4441",
"url": "https://github.com/golang/vulndb/issues/4441"
},
{
"category": "external",
"summary": "https://go.dev/cl/709875",
"url": "https://go.dev/cl/709875"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4441",
"url": "https://pkg.go.dev/vuln/GO-2026-4441"
}
],
"release_date": "2026-02-05T17:48:44.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Infinite parsing loop in golang.org/x/net"
},
{
"cve": "CVE-2025-61723",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:29.304260+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407252"
}
],
"notes": [
{
"category": "description",
"text": "A potential denial of service flaw has been discovered in the golang encoding/pem module. Due to the design of the PEM parsing function, the processing time for some\ninputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs and may result in an unresponsive program should an attacker exploit it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "RHBZ#2407252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b",
"url": "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b"
},
{
"category": "external",
"summary": "https://go.dev/cl/709858",
"url": "https://go.dev/cl/709858"
},
{
"category": "external",
"summary": "https://go.dev/issue/75676",
"url": "https://go.dev/issue/75676"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4009",
"url": "https://pkg.go.dev/vuln/GO-2025-4009"
}
],
"release_date": "2025-10-29T22:10:13.220000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem"
},
{
"cve": "CVE-2025-61724",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2025-10-29T23:01:47.202663+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407257"
}
],
"notes": [
{
"category": "description",
"text": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "RHBZ#2407257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407257"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"category": "external",
"summary": "https://go.dev/cl/709859",
"url": "https://go.dev/cl/709859"
},
{
"category": "external",
"summary": "https://go.dev/issue/75716",
"url": "https://go.dev/issue/75716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4015",
"url": "https://pkg.go.dev/vuln/GO-2025-4015"
}
],
"release_date": "2025-10-29T22:10:14.609000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto"
},
{
"cve": "CVE-2025-61725",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:18.805163+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407249"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability has been discovered in the golang net/mail module. The ParseAddress function constructed domain-literal address components through repeated string concatenation which when parsing large domain-literal components, could cause excessive CPU consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: Excessive CPU consumption in ParseAddress in net/mail",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "RHBZ#2407249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407249"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
},
{
"category": "external",
"summary": "https://go.dev/cl/709860",
"url": "https://go.dev/cl/709860"
},
{
"category": "external",
"summary": "https://go.dev/issue/75680",
"url": "https://go.dev/issue/75680"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4006",
"url": "https://pkg.go.dev/vuln/GO-2025-4006"
}
],
"release_date": "2025-10-29T22:10:12.255000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61727",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2025-12-03T20:01:21.730501+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418677"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to obtain a leaf certificate with a wildcard SAN (e.g., *.example.com) and the legitimate certificate policy must contain an excluded DNS name constraint (e.g., to prevent issuance for test.example.com), allowing an application using the crypto/x509 package to validate the certificate when it should have been rejected and to be vulnerable to MITM (man-in-the-middle) attacks. Additionally, the attacker does not have full control of what data can be read of modified during the attack. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "RHBZ#2418677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418677"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
},
{
"category": "external",
"summary": "https://go.dev/cl/723900",
"url": "https://go.dev/cl/723900"
},
{
"category": "external",
"summary": "https://go.dev/issue/76442",
"url": "https://go.dev/issue/76442"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4175",
"url": "https://pkg.go.dev/vuln/GO-2025-4175"
}
],
"release_date": "2025-12-03T19:37:15.054000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-61730",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-01-28T20:01:36.508659+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434430"
}
],
"notes": [
{
"category": "description",
"text": "A TLS connection handling flaw has been discovered in the golang crypto/tls library. During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The data leak after exploitation of this vulnerability is minor, data such as Handshake message contents that should have been processed only after switching to a stronger TLS 1.3 encryption level, Protocol state details such as which handshake message was processed when, Timing and ordering information about the TLS 1.3 state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "RHBZ#2434430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434430"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
},
{
"category": "external",
"summary": "https://go.dev/cl/724120",
"url": "https://go.dev/cl/724120"
},
{
"category": "external",
"summary": "https://go.dev/issue/76443",
"url": "https://go.dev/issue/76443"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4340",
"url": "https://pkg.go.dev/vuln/GO-2026-4340"
}
],
"release_date": "2026-01-28T19:30:30.986000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls"
},
{
"cve": "CVE-2025-61731",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:45.587773+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434433"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the \u0027#cgo pkg-config:\u0027 directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a \u0027--log-file\u0027 argument to the pkg-config command. This vulnerability can lead to arbitrary file write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is Important rather than Moderate because compiling a malicious Go source file can cause `pkg-config` to create or append data to files at attacker-chosen locations, subject to the permissions of the build user. This can enable unintended filesystem modifications during the build process, which can lead to broken builds, alter tool behavior, and poison caches or artifacts, even without direct code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "RHBZ#2434433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://go.dev/cl/736711",
"url": "https://go.dev/cl/736711"
},
{
"category": "external",
"summary": "https://go.dev/issue/77100",
"url": "https://go.dev/issue/77100"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4339",
"url": "https://pkg.go.dev/vuln/GO-2026-4339"
}
],
"release_date": "2026-01-28T19:30:30.844000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive"
},
{
"cve": "CVE-2025-61732",
"discovery_date": "2026-02-05T05:00:47.678207+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s \u0027cgo tool\u0027. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in the `cmd/cgo` component of the Go toolchain. A parsing discrepancy between Go and C/C++ comments could allow for code smuggling into the resulting `cgo` binary. This primarily affects systems where untrusted Go modules utilizing `cgo` are built, impacting Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "RHBZ#2437016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://go.dev/cl/734220",
"url": "https://go.dev/cl/734220"
},
{
"category": "external",
"summary": "https://go.dev/issue/76697",
"url": "https://go.dev/issue/76697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4433",
"url": "https://pkg.go.dev/vuln/GO-2026-4433"
}
],
"release_date": "2026-02-05T03:42:26.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy"
},
{
"cve": "CVE-2025-68119",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:57.098669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434438"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang\u0027s cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from non-standard sources due to how external Version Control System (VCS) commands are constructed. Additionally, on systems with Git installed, providing malicious version strings to the toolchain can enable an attacker to write to arbitrary files on the filesystem. This issue is triggered by explicitly supplying these malicious version strings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Local code execution and arbitrary file write via malicious module version strings",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is rated Moderate severity by Red Hat Product Security, because exploitation requires non-standard and intentional user behavior. \n\nThe attacker must explicitly supply a specially crafted module version string, which does not occur during normal Go module usage such as @latest or standard module paths, making the attack complexity high. \n\nAdditionally, user interaction is required, as the vulnerable behavior is only triggered when a user manually invokes the Go toolchain to download or build the malicious module.\n \nWhile successful exploitation can result in local code execution or arbitrary file modification, the combination of local access, manual input, and uncommon usage patterns significantly limits the likelihood of exploitation in typical environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "RHBZ#2434438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434438"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
},
{
"category": "external",
"summary": "https://go.dev/cl/736710",
"url": "https://go.dev/cl/736710"
},
{
"category": "external",
"summary": "https://go.dev/issue/77099",
"url": "https://go.dev/issue/77099"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4338",
"url": "https://pkg.go.dev/vuln/GO-2026-4338"
}
],
"release_date": "2026-01-28T19:30:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cmd/go: cmd/go: Local code execution and arbitrary file write via malicious module version strings"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-27138",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:35.939008+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445344"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27138"
},
{
"category": "external",
"summary": "RHBZ#2445344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27138",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27138"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27138",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27138"
},
{
"category": "external",
"summary": "https://go.dev/cl/752183",
"url": "https://go.dev/cl/752183"
},
{
"category": "external",
"summary": "https://go.dev/issue/77953",
"url": "https://go.dev/issue/77953"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4600",
"url": "https://pkg.go.dev/vuln/GO-2026-4600"
}
],
"release_date": "2026-03-06T21:28:14+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509"
},
{
"cve": "CVE-2026-27139",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-06T22:01:08.670782+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445335"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the golang `os` module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os: FileInfo can escape from a Root in golang os module",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27139"
},
{
"category": "external",
"summary": "RHBZ#2445335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
},
{
"category": "external",
"summary": "https://go.dev/cl/749480",
"url": "https://go.dev/cl/749480"
},
{
"category": "external",
"summary": "https://go.dev/issue/77827",
"url": "https://go.dev/issue/77827"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4602",
"url": "https://pkg.go.dev/vuln/GO-2026-4602"
}
],
"release_date": "2026-03-06T21:28:14.451000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "os: FileInfo can escape from a Root in golang os module"
},
{
"cve": "CVE-2026-27141",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-02-26T20:09:11.626155+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443104"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/http2. A remote attacker can exploit this vulnerability by sending specially crafted HTTP/2 frames, which are data packets used in the HTTP/2 protocol. Due to a missing check for null values, processing these specific frames (types 0x0a through 0x0f) can cause the server to crash. This leads to a Denial of Service (DoS) condition, making the affected server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27141"
},
{
"category": "external",
"summary": "RHBZ#2443104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443104"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141"
},
{
"category": "external",
"summary": "https://go.dev/cl/746180",
"url": "https://go.dev/cl/746180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77652",
"url": "https://go.dev/issue/77652"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4559",
"url": "https://pkg.go.dev/vuln/GO-2026-4559"
}
],
"release_date": "2026-02-26T18:50:31.830000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames"
},
{
"cve": "CVE-2026-27142",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-03-06T22:01:56.662646+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445351"
}
],
"notes": [
{
"category": "description",
"text": "An input escaping flaw has been discovered in the golang html/template module. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: URLs in meta content attribute actions are not escaped in html/template",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27142"
},
{
"category": "external",
"summary": "RHBZ#2445351",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445351"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
},
{
"category": "external",
"summary": "https://go.dev/cl/752081",
"url": "https://go.dev/cl/752081"
},
{
"category": "external",
"summary": "https://go.dev/issue/77954",
"url": "https://go.dev/issue/77954"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4603",
"url": "https://pkg.go.dev/vuln/GO-2026-4603"
}
],
"release_date": "2026-03-06T21:28:14.674000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: URLs in meta content attribute actions are not escaped in html/template"
},
{
"cve": "CVE-2026-27143",
"cwe": {
"id": "CWE-733",
"name": "Compiler Optimization Removal or Modification of Security-critical Code"
},
"discovery_date": "2026-04-08T02:01:29.491546+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: possible memory corruption after bound check elimination",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "RHBZ#2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://go.dev/cl/763765",
"url": "https://go.dev/cl/763765"
},
{
"category": "external",
"summary": "https://go.dev/issue/78333",
"url": "https://go.dev/issue/78333"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4868",
"url": "https://pkg.go.dev/vuln/GO-2026-4868"
}
],
"release_date": "2026-04-08T01:06:57.168000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: possible memory corruption after bound check elimination"
},
{
"cve": "CVE-2026-27144",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2026-04-08T02:01:22.896153+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: no-op interface conversion bypasses overlap checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable in applications that contain a memory move or copy operation that is subject to a no-op (no-operation) interface conversion. Furthermore, the source and destination memory addresses involved in the move or copy must overlap and an attacker must be able to supply an input that triggers this specific operation. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "RHBZ#2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://go.dev/cl/763764",
"url": "https://go.dev/cl/763764"
},
{
"category": "external",
"summary": "https://go.dev/issue/78371",
"url": "https://go.dev/issue/78371"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4867",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"release_date": "2026-04-08T01:06:56.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "To mitigate this issue, review code that performs memory copies or struct assignments. If data is being passed through an interface (such as \u0027any\u0027 or \u0027interface{}\u0027) just before a move operation, refactor the code to use concrete types or explicit pointers instead.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: no-op interface conversion bypasses overlap checking"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32288",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:00:57.624222+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `archive/tar` package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the `tar.Reader` processes an archive containing a large number of sparse regions in the \"old GNU sparse map\" format, it can lead to unbounded memory allocation. This can result in a Denial of Service (DoS) condition, making the affected application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "archive/tar: golang: Go\u0027s archive/tar package: Denial of Service via maliciously-crafted archive",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32288"
},
{
"category": "external",
"summary": "RHBZ#2456332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32288"
},
{
"category": "external",
"summary": "https://go.dev/cl/763766",
"url": "https://go.dev/cl/763766"
},
{
"category": "external",
"summary": "https://go.dev/issue/78301",
"url": "https://go.dev/issue/78301"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4869",
"url": "https://pkg.go.dev/vuln/GO-2026-4869"
}
],
"release_date": "2026-04-08T01:06:57.416000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "archive/tar: golang: Go\u0027s archive/tar package: Denial of Service via maliciously-crafted archive"
},
{
"cve": "CVE-2026-32289",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-04-08T02:01:05.911683+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456334"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32289"
},
{
"category": "external",
"summary": "RHBZ#2456334",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456334"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
},
{
"category": "external",
"summary": "https://go.dev/cl/763762",
"url": "https://go.dev/cl/763762"
},
{
"category": "external",
"summary": "https://go.dev/issue/78331",
"url": "https://go.dev/issue/78331"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4865",
"url": "https://pkg.go.dev/vuln/GO-2026-4865"
}
],
"release_date": "2026-04-08T01:06:56.297000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals"
},
{
"cve": "CVE-2026-33809",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-25T19:01:55.384019+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451437"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33809"
},
{
"category": "external",
"summary": "RHBZ#2451437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451437"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33809",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33809"
},
{
"category": "external",
"summary": "https://go.dev/cl/757660",
"url": "https://go.dev/cl/757660"
},
{
"category": "external",
"summary": "https://go.dev/issue/78267",
"url": "https://go.dev/issue/78267"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4815",
"url": "https://pkg.go.dev/vuln/GO-2026-4815"
}
],
"release_date": "2026-03-25T18:24:04.222000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
}
]
}
RHSA-2026:7385
Vulnerability from csaf_redhat - Published: 2026-04-10 14:24 - Updated: 2026-07-01 06:09A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in "../", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A memory exhaustion flaw has been discovered in the golang encoding/asn1 module. Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the slice allocated are also multiple times larger than the input DER. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to cause memory exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A potential denial of service flaw has been discovered in golang's crypto/x509 module. Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional form of sanitization, and may allow injection of attacker controlled information into logs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A potential denial of service flaw has been discovered in the golang encoding/pem module. Due to the design of the PEM parsing function, the processing time for some inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs and may result in an unresponsive program should an attacker exploit it.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A denial of service vulnerability has been discovered in the golang net/mail module. The ParseAddress function constructed domain-literal address components through repeated string concatenation which when parsing large domain-literal components, could cause excessive CPU consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A TLS connection handling flaw has been discovered in the golang crypto/tls library. During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Golang's cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from non-standard sources due to how external Version Control System (VCS) commands are constructed. Additionally, on systems with Git installed, providing malicious version strings to the toolchain can enable an attacker to write to arbitrary files on the filesystem. This issue is triggered by explicitly supplying these malicious version strings.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A path traversal flaw has been discovered in the golang `os` module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/http2. A remote attacker can exploit this vulnerability by sending specially crafted HTTP/2 frames, which are data packets used in the HTTP/2 protocol. Due to a missing check for null values, processing these specific frames (types 0x0a through 0x0f) can cause the server to crash. This leads to a Denial of Service (DoS) condition, making the affected server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go's `archive/tar` package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the `tar.Reader` processes an archive containing a large number of sparse regions in the "old GNU sparse map" format, it can lead to unbounded memory allocation. This can result in a Denial of Service (DoS) condition, making the affected application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7385",
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27141",
"url": "https://access.redhat.com/security/cve/CVE-2026-27141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58190",
"url": "https://access.redhat.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47911",
"url": "https://access.redhat.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22873",
"url": "https://access.redhat.com/security/cve/CVE-2025-22873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68119",
"url": "https://access.redhat.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61732",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61731",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61725",
"url": "https://access.redhat.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61724",
"url": "https://access.redhat.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61723",
"url": "https://access.redhat.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58186",
"url": "https://access.redhat.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58185",
"url": "https://access.redhat.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58181",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47914",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47912",
"url": "https://access.redhat.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47910",
"url": "https://access.redhat.com/security/cve/CVE-2025-47910"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61730",
"url": "https://access.redhat.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58189",
"url": "https://access.redhat.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58187",
"url": "https://access.redhat.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58188",
"url": "https://access.redhat.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33809",
"url": "https://access.redhat.com/security/cve/CVE-2026-33809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32289",
"url": "https://access.redhat.com/security/cve/CVE-2026-32289"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32288",
"url": "https://access.redhat.com/security/cve/CVE-2026-32288"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32283",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27144",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27143",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61727",
"url": "https://access.redhat.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27139",
"url": "https://access.redhat.com/security/cve/CVE-2026-27139"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33813",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42503",
"url": "https://access.redhat.com/security/cve/CVE-2026-42503"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7385.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-01T06:09:59+00:00",
"generator": {
"date": "2026-07-01T06:09:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7385",
"initial_release_date": "2026-04-10T14:24:10+00:00",
"revision_history": [
{
"date": "2026-04-10T14:24:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-07T03:11:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T06:09:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@aarch64",
"product": {
"name": "golang1-25-main@aarch64",
"product_id": "golang1-25-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.9-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@src",
"product": {
"name": "golang1-25-main@src",
"product_id": "golang1-25-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.9-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@x86_64",
"product": {
"name": "golang1-25-main@x86_64",
"product_id": "golang1-25-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.9-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@noarch",
"product": {
"name": "golang1-25-main@noarch",
"product_id": "golang1-25-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25-docs@1.25.9-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@aarch64"
},
"product_reference": "golang1-25-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@noarch"
},
"product_reference": "golang1-25-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@src"
},
"product_reference": "golang1-25-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@x86_64"
},
"product_reference": "golang1-25-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22873",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-05T00:01:17.475869+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436992"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in \"../\", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os: os: Information disclosure via path traversal using specially crafted filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security classified this issue as Moderate.\n\nThe flaw exists in a local filesystem abstraction within the Go standard library, it can also be exploited remotely in applications that accept attacker-controlled path input over a network and pass it to Root.Open without proper validation. The attack complexity is low, as exploitation requires only appending \"../\" to the supplied path. However, the impact is limited: the flaw permits opening only the immediate parent directory, not arbitrary filesystem locations or files contained within that directory. There is no direct impact on file integrity or application availability. These constraints limit the practical exposure of the issue while still represents a boundary bypass and may expose unintended filesystem metadata. The issue does not permit traversal beyond the parent directory, modification of files, or broader system compromise, thereby constraining its overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22873"
},
{
"category": "external",
"summary": "RHBZ#2436992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436992"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22873"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2025/05/06/2",
"url": "http://www.openwall.com/lists/oss-security/2025/05/06/2"
},
{
"category": "external",
"summary": "https://go.dev/cl/670036",
"url": "https://go.dev/cl/670036"
},
{
"category": "external",
"summary": "https://go.dev/issue/73555",
"url": "https://go.dev/issue/73555"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4403",
"url": "https://pkg.go.dev/vuln/GO-2026-4403"
}
],
"release_date": "2026-02-04T23:05:24.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "os: os: Information disclosure via path traversal using specially crafted filenames"
},
{
"cve": "CVE-2025-47910",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2025-09-22T22:00:44.572202+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397528"
}
],
"notes": [
{
"category": "description",
"text": "A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: CrossOriginProtection bypass in net/http",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47910"
},
{
"category": "external",
"summary": "RHBZ#2397528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47910",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47910"
},
{
"category": "external",
"summary": "https://go.dev/cl/699275",
"url": "https://go.dev/cl/699275"
},
{
"category": "external",
"summary": "https://go.dev/issue/75054",
"url": "https://go.dev/issue/75054"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ",
"url": "https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3955",
"url": "https://pkg.go.dev/vuln/GO-2025-3955"
}
],
"release_date": "2025-09-22T21:01:55.440000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: CrossOriginProtection bypass in net/http"
},
{
"cve": "CVE-2025-47911",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2026-02-05T18:01:23.423406+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437109"
}
],
"notes": [
{
"category": "description",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "RHBZ#2437109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4440",
"url": "https://github.com/golang/vulndb/issues/4440"
},
{
"category": "external",
"summary": "https://go.dev/cl/709876",
"url": "https://go.dev/cl/709876"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4440",
"url": "https://pkg.go.dev/vuln/GO-2026-4440"
}
],
"release_date": "2026-02-05T17:48:44.562000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html"
},
{
"cve": "CVE-2025-47912",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-10-29T23:01:06.642219+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407247"
}
],
"notes": [
{
"category": "description",
"text": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "RHBZ#2407247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912"
},
{
"category": "external",
"summary": "https://go.dev/cl/709857",
"url": "https://go.dev/cl/709857"
},
{
"category": "external",
"summary": "https://go.dev/issue/75678",
"url": "https://go.dev/issue/75678"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4010",
"url": "https://pkg.go.dev/vuln/GO-2025-4010"
}
],
"release_date": "2025-10-29T22:10:13.435000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url"
},
{
"cve": "CVE-2025-47914",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-19T21:01:06.202641+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. The golang.org/x/crypto/ssh/agent library, when used in SSH Agent servers, does not properly validate the size of messages during new identity requests. A specially crafted malformed message can lead to an out-of-bounds read, causing the program to panic and resulting in a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "RHBZ#2416000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://go.dev/cl/721960",
"url": "https://go.dev/cl/721960"
},
{
"category": "external",
"summary": "https://go.dev/issue/76364",
"url": "https://go.dev/issue/76364"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4135",
"url": "https://pkg.go.dev/vuln/GO-2025-4135"
}
],
"release_date": "2025-11-19T20:33:43.126000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages"
},
{
"cve": "CVE-2025-58181",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-11-19T21:00:50.197590+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415997"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. SSH servers utilizing `golang.org/x/crypto/ssh` and configured to process GSSAPI authentication requests are susceptible to unbounded memory consumption. An attacker can exploit this by sending specially crafted GSSAPI authentication requests, potentially leading to a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "RHBZ#2415997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415997"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://go.dev/cl/721961",
"url": "https://go.dev/cl/721961"
},
{
"category": "external",
"summary": "https://go.dev/issue/76363",
"url": "https://go.dev/issue/76363"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4134",
"url": "https://pkg.go.dev/vuln/GO-2025-4134"
}
],
"release_date": "2025-11-19T20:33:42.795000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58185",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:25.877898+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407251"
}
],
"notes": [
{
"category": "description",
"text": "A memory exhaustion flaw has been discovered in the golang encoding/asn1 module. Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the slice allocated are also multiple times larger than the input DER. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to cause memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "RHBZ#2407251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407251"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd",
"url": "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd"
},
{
"category": "external",
"summary": "https://go.dev/cl/709856",
"url": "https://go.dev/cl/709856"
},
{
"category": "external",
"summary": "https://go.dev/issue/75671",
"url": "https://go.dev/issue/75671"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4011",
"url": "https://pkg.go.dev/vuln/GO-2025-4011"
}
],
"release_date": "2025-10-29T22:10:13.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1"
},
{
"cve": "CVE-2025-58186",
"discovery_date": "2025-10-29T23:01:22.260983+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407250"
}
],
"notes": [
{
"category": "description",
"text": "Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as \"a=;\", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "RHBZ#2407250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186"
},
{
"category": "external",
"summary": "https://go.dev/cl/709855",
"url": "https://go.dev/cl/709855"
},
{
"category": "external",
"summary": "https://go.dev/issue/75672",
"url": "https://go.dev/issue/75672"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4012",
"url": "https://pkg.go.dev/vuln/GO-2025-4012"
}
],
"release_date": "2025-10-29T22:10:13.912000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http"
},
{
"cve": "CVE-2025-58187",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:54.130980+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407259"
}
],
"notes": [
{
"category": "description",
"text": "A potential denial of service flaw has been discovered in golang\u0027s crypto/x509 module. Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "RHBZ#2407259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4",
"url": "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4"
},
{
"category": "external",
"summary": "https://go.dev/cl/709854",
"url": "https://go.dev/cl/709854"
},
{
"category": "external",
"summary": "https://go.dev/issue/75681",
"url": "https://go.dev/issue/75681"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4007",
"url": "https://pkg.go.dev/vuln/GO-2025-4007"
}
],
"release_date": "2025-10-29T22:10:12.624000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509"
},
{
"cve": "CVE-2025-58188",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2025-10-29T23:01:39.787633+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407255"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impacts are limited on Red Hat products as they do not affect the host systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "RHBZ#2407255",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407255"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9",
"url": "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9"
},
{
"category": "external",
"summary": "https://go.dev/cl/709853",
"url": "https://go.dev/cl/709853"
},
{
"category": "external",
"summary": "https://go.dev/issue/75675",
"url": "https://go.dev/issue/75675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4013",
"url": "https://pkg.go.dev/vuln/GO-2025-4013"
}
],
"release_date": "2025-10-29T22:10:14.143000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509"
},
{
"cve": "CVE-2025-58189",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2025-10-29T23:01:57.740310+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407260"
}
],
"notes": [
{
"category": "description",
"text": "The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional form of sanitization, and may allow injection of attacker controlled information into logs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "RHBZ#2407260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"category": "external",
"summary": "https://go.dev/cl/707776",
"url": "https://go.dev/cl/707776"
},
{
"category": "external",
"summary": "https://go.dev/issue/75652",
"url": "https://go.dev/issue/75652"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4008",
"url": "https://pkg.go.dev/vuln/GO-2025-4008"
}
],
"release_date": "2025-10-29T22:10:12.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information"
},
{
"cve": "CVE-2025-58190",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-05T18:01:26.511908+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437110"
}
],
"notes": [
{
"category": "description",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Infinite parsing loop in golang.org/x/net",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "RHBZ#2437110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4441",
"url": "https://github.com/golang/vulndb/issues/4441"
},
{
"category": "external",
"summary": "https://go.dev/cl/709875",
"url": "https://go.dev/cl/709875"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4441",
"url": "https://pkg.go.dev/vuln/GO-2026-4441"
}
],
"release_date": "2026-02-05T17:48:44.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Infinite parsing loop in golang.org/x/net"
},
{
"cve": "CVE-2025-61723",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:29.304260+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407252"
}
],
"notes": [
{
"category": "description",
"text": "A potential denial of service flaw has been discovered in the golang encoding/pem module. Due to the design of the PEM parsing function, the processing time for some\ninputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs and may result in an unresponsive program should an attacker exploit it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "RHBZ#2407252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b",
"url": "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b"
},
{
"category": "external",
"summary": "https://go.dev/cl/709858",
"url": "https://go.dev/cl/709858"
},
{
"category": "external",
"summary": "https://go.dev/issue/75676",
"url": "https://go.dev/issue/75676"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4009",
"url": "https://pkg.go.dev/vuln/GO-2025-4009"
}
],
"release_date": "2025-10-29T22:10:13.220000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem"
},
{
"cve": "CVE-2025-61724",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2025-10-29T23:01:47.202663+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407257"
}
],
"notes": [
{
"category": "description",
"text": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "RHBZ#2407257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407257"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"category": "external",
"summary": "https://go.dev/cl/709859",
"url": "https://go.dev/cl/709859"
},
{
"category": "external",
"summary": "https://go.dev/issue/75716",
"url": "https://go.dev/issue/75716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4015",
"url": "https://pkg.go.dev/vuln/GO-2025-4015"
}
],
"release_date": "2025-10-29T22:10:14.609000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto"
},
{
"cve": "CVE-2025-61725",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:18.805163+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407249"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability has been discovered in the golang net/mail module. The ParseAddress function constructed domain-literal address components through repeated string concatenation which when parsing large domain-literal components, could cause excessive CPU consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: Excessive CPU consumption in ParseAddress in net/mail",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "RHBZ#2407249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407249"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
},
{
"category": "external",
"summary": "https://go.dev/cl/709860",
"url": "https://go.dev/cl/709860"
},
{
"category": "external",
"summary": "https://go.dev/issue/75680",
"url": "https://go.dev/issue/75680"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4006",
"url": "https://pkg.go.dev/vuln/GO-2025-4006"
}
],
"release_date": "2025-10-29T22:10:12.255000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61727",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2025-12-03T20:01:21.730501+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418677"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to obtain a leaf certificate with a wildcard SAN (e.g., *.example.com) and the legitimate certificate policy must contain an excluded DNS name constraint (e.g., to prevent issuance for test.example.com), allowing an application using the crypto/x509 package to validate the certificate when it should have been rejected and to be vulnerable to MITM (man-in-the-middle) attacks. Additionally, the attacker does not have full control of what data can be read of modified during the attack. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "RHBZ#2418677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418677"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
},
{
"category": "external",
"summary": "https://go.dev/cl/723900",
"url": "https://go.dev/cl/723900"
},
{
"category": "external",
"summary": "https://go.dev/issue/76442",
"url": "https://go.dev/issue/76442"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4175",
"url": "https://pkg.go.dev/vuln/GO-2025-4175"
}
],
"release_date": "2025-12-03T19:37:15.054000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-61730",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-01-28T20:01:36.508659+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434430"
}
],
"notes": [
{
"category": "description",
"text": "A TLS connection handling flaw has been discovered in the golang crypto/tls library. During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The data leak after exploitation of this vulnerability is minor, data such as Handshake message contents that should have been processed only after switching to a stronger TLS 1.3 encryption level, Protocol state details such as which handshake message was processed when, Timing and ordering information about the TLS 1.3 state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "RHBZ#2434430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434430"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
},
{
"category": "external",
"summary": "https://go.dev/cl/724120",
"url": "https://go.dev/cl/724120"
},
{
"category": "external",
"summary": "https://go.dev/issue/76443",
"url": "https://go.dev/issue/76443"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4340",
"url": "https://pkg.go.dev/vuln/GO-2026-4340"
}
],
"release_date": "2026-01-28T19:30:30.986000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls"
},
{
"cve": "CVE-2025-61731",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:45.587773+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434433"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the \u0027#cgo pkg-config:\u0027 directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a \u0027--log-file\u0027 argument to the pkg-config command. This vulnerability can lead to arbitrary file write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is Important rather than Moderate because compiling a malicious Go source file can cause `pkg-config` to create or append data to files at attacker-chosen locations, subject to the permissions of the build user. This can enable unintended filesystem modifications during the build process, which can lead to broken builds, alter tool behavior, and poison caches or artifacts, even without direct code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "RHBZ#2434433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://go.dev/cl/736711",
"url": "https://go.dev/cl/736711"
},
{
"category": "external",
"summary": "https://go.dev/issue/77100",
"url": "https://go.dev/issue/77100"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4339",
"url": "https://pkg.go.dev/vuln/GO-2026-4339"
}
],
"release_date": "2026-01-28T19:30:30.844000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive"
},
{
"cve": "CVE-2025-61732",
"discovery_date": "2026-02-05T05:00:47.678207+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s \u0027cgo tool\u0027. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in the `cmd/cgo` component of the Go toolchain. A parsing discrepancy between Go and C/C++ comments could allow for code smuggling into the resulting `cgo` binary. This primarily affects systems where untrusted Go modules utilizing `cgo` are built, impacting Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "RHBZ#2437016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://go.dev/cl/734220",
"url": "https://go.dev/cl/734220"
},
{
"category": "external",
"summary": "https://go.dev/issue/76697",
"url": "https://go.dev/issue/76697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4433",
"url": "https://pkg.go.dev/vuln/GO-2026-4433"
}
],
"release_date": "2026-02-05T03:42:26.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy"
},
{
"cve": "CVE-2025-68119",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:57.098669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434438"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang\u0027s cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from non-standard sources due to how external Version Control System (VCS) commands are constructed. Additionally, on systems with Git installed, providing malicious version strings to the toolchain can enable an attacker to write to arbitrary files on the filesystem. This issue is triggered by explicitly supplying these malicious version strings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Local code execution and arbitrary file write via malicious module version strings",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is rated Moderate severity by Red Hat Product Security, because exploitation requires non-standard and intentional user behavior. \n\nThe attacker must explicitly supply a specially crafted module version string, which does not occur during normal Go module usage such as @latest or standard module paths, making the attack complexity high. \n\nAdditionally, user interaction is required, as the vulnerable behavior is only triggered when a user manually invokes the Go toolchain to download or build the malicious module.\n \nWhile successful exploitation can result in local code execution or arbitrary file modification, the combination of local access, manual input, and uncommon usage patterns significantly limits the likelihood of exploitation in typical environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "RHBZ#2434438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434438"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
},
{
"category": "external",
"summary": "https://go.dev/cl/736710",
"url": "https://go.dev/cl/736710"
},
{
"category": "external",
"summary": "https://go.dev/issue/77099",
"url": "https://go.dev/issue/77099"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4338",
"url": "https://pkg.go.dev/vuln/GO-2026-4338"
}
],
"release_date": "2026-01-28T19:30:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cmd/go: cmd/go: Local code execution and arbitrary file write via malicious module version strings"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27139",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-06T22:01:08.670782+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445335"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the golang `os` module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os: FileInfo can escape from a Root in golang os module",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27139"
},
{
"category": "external",
"summary": "RHBZ#2445335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
},
{
"category": "external",
"summary": "https://go.dev/cl/749480",
"url": "https://go.dev/cl/749480"
},
{
"category": "external",
"summary": "https://go.dev/issue/77827",
"url": "https://go.dev/issue/77827"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4602",
"url": "https://pkg.go.dev/vuln/GO-2026-4602"
}
],
"release_date": "2026-03-06T21:28:14.451000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "os: FileInfo can escape from a Root in golang os module"
},
{
"cve": "CVE-2026-27141",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-02-26T20:09:11.626155+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443104"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/http2. A remote attacker can exploit this vulnerability by sending specially crafted HTTP/2 frames, which are data packets used in the HTTP/2 protocol. Due to a missing check for null values, processing these specific frames (types 0x0a through 0x0f) can cause the server to crash. This leads to a Denial of Service (DoS) condition, making the affected server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27141"
},
{
"category": "external",
"summary": "RHBZ#2443104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443104"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141"
},
{
"category": "external",
"summary": "https://go.dev/cl/746180",
"url": "https://go.dev/cl/746180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77652",
"url": "https://go.dev/issue/77652"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4559",
"url": "https://pkg.go.dev/vuln/GO-2026-4559"
}
],
"release_date": "2026-02-26T18:50:31.830000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames"
},
{
"cve": "CVE-2026-27143",
"cwe": {
"id": "CWE-733",
"name": "Compiler Optimization Removal or Modification of Security-critical Code"
},
"discovery_date": "2026-04-08T02:01:29.491546+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: possible memory corruption after bound check elimination",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "RHBZ#2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://go.dev/cl/763765",
"url": "https://go.dev/cl/763765"
},
{
"category": "external",
"summary": "https://go.dev/issue/78333",
"url": "https://go.dev/issue/78333"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4868",
"url": "https://pkg.go.dev/vuln/GO-2026-4868"
}
],
"release_date": "2026-04-08T01:06:57.168000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: possible memory corruption after bound check elimination"
},
{
"cve": "CVE-2026-27144",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2026-04-08T02:01:22.896153+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: no-op interface conversion bypasses overlap checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable in applications that contain a memory move or copy operation that is subject to a no-op (no-operation) interface conversion. Furthermore, the source and destination memory addresses involved in the move or copy must overlap and an attacker must be able to supply an input that triggers this specific operation. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "RHBZ#2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://go.dev/cl/763764",
"url": "https://go.dev/cl/763764"
},
{
"category": "external",
"summary": "https://go.dev/issue/78371",
"url": "https://go.dev/issue/78371"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4867",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"release_date": "2026-04-08T01:06:56.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "To mitigate this issue, review code that performs memory copies or struct assignments. If data is being passed through an interface (such as \u0027any\u0027 or \u0027interface{}\u0027) just before a move operation, refactor the code to use concrete types or explicit pointers instead.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: no-op interface conversion bypasses overlap checking"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32288",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:00:57.624222+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `archive/tar` package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the `tar.Reader` processes an archive containing a large number of sparse regions in the \"old GNU sparse map\" format, it can lead to unbounded memory allocation. This can result in a Denial of Service (DoS) condition, making the affected application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "archive/tar: golang: Go\u0027s archive/tar package: Denial of Service via maliciously-crafted archive",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32288"
},
{
"category": "external",
"summary": "RHBZ#2456332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32288"
},
{
"category": "external",
"summary": "https://go.dev/cl/763766",
"url": "https://go.dev/cl/763766"
},
{
"category": "external",
"summary": "https://go.dev/issue/78301",
"url": "https://go.dev/issue/78301"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4869",
"url": "https://pkg.go.dev/vuln/GO-2026-4869"
}
],
"release_date": "2026-04-08T01:06:57.416000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "archive/tar: golang: Go\u0027s archive/tar package: Denial of Service via maliciously-crafted archive"
},
{
"cve": "CVE-2026-32289",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-04-08T02:01:05.911683+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456334"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32289"
},
{
"category": "external",
"summary": "RHBZ#2456334",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456334"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
},
{
"category": "external",
"summary": "https://go.dev/cl/763762",
"url": "https://go.dev/cl/763762"
},
{
"category": "external",
"summary": "https://go.dev/issue/78331",
"url": "https://go.dev/issue/78331"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4865",
"url": "https://pkg.go.dev/vuln/GO-2026-4865"
}
],
"release_date": "2026-04-08T01:06:56.297000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals"
},
{
"cve": "CVE-2026-33809",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-25T19:01:55.384019+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451437"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33809"
},
{
"category": "external",
"summary": "RHBZ#2451437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451437"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33809",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33809"
},
{
"category": "external",
"summary": "https://go.dev/cl/757660",
"url": "https://go.dev/cl/757660"
},
{
"category": "external",
"summary": "https://go.dev/issue/78267",
"url": "https://go.dev/issue/78267"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4815",
"url": "https://pkg.go.dev/vuln/GO-2026-4815"
}
],
"release_date": "2026-03-25T18:24:04.222000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file"
},
{
"cve": "CVE-2026-33813",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-21T20:01:02.224363+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "RHBZ#2460221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://go.dev/cl/759860",
"url": "https://go.dev/cl/759860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78407",
"url": "https://go.dev/issue/78407"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4961",
"url": "https://pkg.go.dev/vuln/GO-2026-4961"
}
],
"release_date": "2026-04-21T19:21:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing"
}
]
}
RHSA-2026:7676
Vulnerability from csaf_redhat - Published: 2026-04-13 02:21 - Updated: 2026-07-01 00:17A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:rhc-1:0.2.4-3.el7_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:rhc-1:0.2.4-3.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhc is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7676",
"url": "https://access.redhat.com/errata/RHSA-2026:7676"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7676.json"
}
],
"title": "Red Hat Security Advisory: rhc security update",
"tracking": {
"current_release_date": "2026-07-01T00:17:06+00:00",
"generator": {
"date": "2026-07-01T00:17:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7676",
"initial_release_date": "2026-04-13T02:21:56+00:00",
"revision_history": [
{
"date": "2026-04-13T02:21:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-13T02:21:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:17:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_els:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.4-3.el7_9.src",
"product": {
"name": "rhc-1:0.2.4-3.el7_9.src",
"product_id": "rhc-1:0.2.4-3.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.4-3.el7_9?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.4-3.el7_9.x86_64",
"product": {
"name": "rhc-1:0.2.4-3.el7_9.x86_64",
"product_id": "rhc-1:0.2.4-3.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.4-3.el7_9?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.4-3.el7_9.s390x",
"product": {
"name": "rhc-1:0.2.4-3.el7_9.s390x",
"product_id": "rhc-1:0.2.4-3.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.4-3.el7_9?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.4-3.el7_9.ppc64le",
"product": {
"name": "rhc-1:0.2.4-3.el7_9.ppc64le",
"product_id": "rhc-1:0.2.4-3.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.4-3.el7_9?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.4-3.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le"
},
"product_reference": "rhc-1:0.2.4-3.el7_9.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.4-3.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x"
},
"product_reference": "rhc-1:0.2.4-3.el7_9.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.4-3.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:rhc-1:0.2.4-3.el7_9.src"
},
"product_reference": "rhc-1:0.2.4-3.el7_9.src",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.4-3.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64"
},
"product_reference": "rhc-1:0.2.4-3.el7_9.x86_64",
"relates_to_product_reference": "7Server-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.src",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:21:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.src",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7676"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.src",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.src",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.src",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:21:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.src",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.src",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:7854
Vulnerability from csaf_redhat - Published: 2026-04-13 12:51 - Updated: 2026-07-01 00:13A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for podman is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7854",
"url": "https://access.redhat.com/errata/RHSA-2026:7854"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7854.json"
}
],
"title": "Red Hat Security Advisory: podman security update",
"tracking": {
"current_release_date": "2026-07-01T00:13:51+00:00",
"generator": {
"date": "2026-07-01T00:13:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7854",
"initial_release_date": "2026-04-13T12:51:03+00:00",
"revision_history": [
{
"date": "2026-04-13T12:51:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-13T12:51:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:13:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5:5.4.0-20.el9_6.2.src",
"product": {
"name": "podman-5:5.4.0-20.el9_6.2.src",
"product_id": "podman-5:5.4.0-20.el9_6.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.4.0-20.el9_6.2?arch=src\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests-debuginfo@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests-debuginfo@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests-debuginfo@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-remote-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-remote-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-tests-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-tests-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests-debuginfo@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-5:5.4.0-20.el9_6.2.noarch",
"product": {
"name": "podman-docker-5:5.4.0-20.el9_6.2.noarch",
"product_id": "podman-docker-5:5.4.0-20.el9_6.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-docker@5.4.0-20.el9_6.2?arch=noarch\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.4.0-20.el9_6.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src"
},
"product_reference": "podman-5:5.4.0-20.el9_6.2.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5:5.4.0-20.el9_6.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch"
},
"product_reference": "podman-docker-5:5.4.0-20.el9_6.2.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-remote-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-tests-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T12:51:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7854"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T12:51:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7854"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T12:51:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T12:51:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.