Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-66031 (GCVE-0-2025-66031)
Vulnerability from cvelistv5 – Published: 2025-11-26 22:23 – Updated: 2025-11-28 18:27
VLAI?
EPSS
Title
node-forge ASN.1 Unbounded Recursion
Summary
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Severity ?
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| digitalbazaar | forge |
Affected:
< 1.3.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T18:26:11.800439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T18:27:06.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "forge",
"vendor": "digitalbazaar",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T22:23:26.013Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
},
{
"name": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
}
],
"source": {
"advisory": "GHSA-554w-wpv2-vw27",
"discovery": "UNKNOWN"
},
"title": "node-forge ASN.1 Unbounded Recursion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66031",
"datePublished": "2025-11-26T22:23:26.013Z",
"dateReserved": "2025-11-21T01:08:02.614Z",
"dateUpdated": "2025-11-28T18:27:06.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-66031\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-11-26T23:15:49.397\",\"lastModified\":\"2025-12-06T00:22:18.840\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digitalbazaar:forge:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.3.2\",\"matchCriteriaId\":\"FCE34820-051A-4D02-AB4B-DB03886D53CF\"}]}]}],\"references\":[{\"url\":\"https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-66031\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-28T18:26:11.800439Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-28T18:26:46.170Z\"}}], \"cna\": {\"title\": \"node-forge ASN.1 Unbounded Recursion\", \"source\": {\"advisory\": \"GHSA-554w-wpv2-vw27\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"digitalbazaar\", \"product\": \"forge\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.3.2\"}]}], \"references\": [{\"url\": \"https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27\", \"name\": \"https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451\", \"name\": \"https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-674\", \"description\": \"CWE-674: Uncontrolled Recursion\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-11-26T22:23:26.013Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-66031\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-28T18:27:06.242Z\", \"dateReserved\": \"2025-11-21T01:08:02.614Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-11-26T22:23:26.013Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-1064
Vulnerability from certfr_avis - Published: 2025-12-04 - Updated: 2025-12-04
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | cbl2 cups 2.3.3op2-10 | ||
| Microsoft | N/A | cbl2 grub2 2.06-15 | ||
| Microsoft | N/A | cbl2 nodejs18 18.20.3-9 | ||
| Microsoft | N/A | cbl2 fluent-bit versions antérieures à 3.0.6-5 | ||
| Microsoft | N/A | azl3 kernel versions antérieures à 6.6.117.1-1 | ||
| Microsoft | N/A | azl3 kubevirt 1.5.0-5 | ||
| Microsoft | N/A | cbl2 python-tensorboard 2.11.0-3 | ||
| Microsoft | N/A | azl3 nodejs 20.14.0-9 | ||
| Microsoft | N/A | azl3 glib versions antérieures à 2.78.6-5 | ||
| Microsoft | N/A | azl3 grub2 2.06-25 | ||
| Microsoft | N/A | azl3 libxslt 1.1.43-1 | ||
| Microsoft | N/A | azl3 expat 2.6.4-2 | ||
| Microsoft | N/A | azl3 python-tensorboard 2.16.2-6 | ||
| Microsoft | N/A | cbl2 rsync versions antérieures à 3.4.1-2 | ||
| Microsoft | N/A | cbl2 libxslt 1.1.34-8 | ||
| Microsoft | N/A | azl3 cups 2.4.13-1 | ||
| Microsoft | N/A | cbl2 haproxy versions antérieures à 2.4.24-2 | ||
| Microsoft | N/A | cbl2 kernel 5.15.186.1-1 | ||
| Microsoft | N/A | azl3 libpng versions antérieures à 1.6.51-1 | ||
| Microsoft | N/A | azl3 haproxy versions antérieures à 2.9.11-4 | ||
| Microsoft | N/A | azl3 tensorflow 2.16.1-9 | ||
| Microsoft | N/A | azl3 fluent-bit 3.1.9-6 | ||
| Microsoft | N/A | azl3 rsync versions antérieures à 3.4.1-2 | ||
| Microsoft | N/A | azl3 keras 3.3.3-5 | ||
| Microsoft | N/A | cbl2 libpng versions antérieures à 1.6.51-1 | ||
| Microsoft | N/A | cbl2 glib versions antérieures à 2.71.0-8 | ||
| Microsoft | N/A | cbl2 kubevirt versions antérieures à 0.59.0-31 | ||
| Microsoft | N/A | azl3 libvirt versions antérieures à 10.0.0-6 | ||
| Microsoft | N/A | cbl2 reaper 3.1.1-19 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 cups 2.3.3op2-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 grub2 2.06-15",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 nodejs18 18.20.3-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 fluent-bit versions ant\u00e9rieures \u00e0 3.0.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel versions ant\u00e9rieures \u00e0 6.6.117.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kubevirt 1.5.0-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 nodejs 20.14.0-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 glib versions ant\u00e9rieures \u00e0 2.78.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 grub2 2.06-25",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libxslt 1.1.43-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 expat 2.6.4-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libxslt 1.1.34-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 cups 2.4.13-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 haproxy versions ant\u00e9rieures \u00e0 2.4.24-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kernel 5.15.186.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 haproxy versions ant\u00e9rieures \u00e0 2.9.11-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 fluent-bit 3.1.9-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 keras 3.3.3-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 glib versions ant\u00e9rieures \u00e0 2.71.0-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kubevirt versions ant\u00e9rieures \u00e0 0.59.0-31",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libvirt versions ant\u00e9rieures \u00e0 10.0.0-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 reaper 3.1.1-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2025-13226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13226"
},
{
"name": "CVE-2025-13193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13193"
},
{
"name": "CVE-2025-54770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54770"
},
{
"name": "CVE-2025-61915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61915"
},
{
"name": "CVE-2025-61662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61662"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-12977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12977"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-61663",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61663"
},
{
"name": "CVE-2025-66382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
},
{
"name": "CVE-2025-12970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12970"
},
{
"name": "CVE-2025-12638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12638"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2025-38656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38656"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-40210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40210"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2025-64704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64704"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"name": "CVE-2025-64713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64713"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2025-13230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13230"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-54771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54771"
},
{
"name": "CVE-2025-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40211"
},
{
"name": "CVE-2025-13227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13227"
},
{
"name": "CVE-2025-64324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64324"
},
{
"name": "CVE-2025-12969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12969"
},
{
"name": "CVE-2025-11230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11230"
},
{
"name": "CVE-2025-61661",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61661"
},
{
"name": "CVE-2022-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50233"
},
{
"name": "CVE-2025-61664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61664"
}
],
"initial_release_date": "2025-12-04T00:00:00",
"last_revision_date": "2025-12-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1064",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61661",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61661"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13230"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40210",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40210"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13227"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61915",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61915"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64720",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64720"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12816",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12816"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64704",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64704"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54770",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54770"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11731",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11731"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66221",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66221"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13601",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13601"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64713",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64713"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-65018",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65018"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66030",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66030"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40211",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40211"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50233",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50233"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66382",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66382"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61664",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61664"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58436",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58436"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13193",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13193"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61662",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61662"
},
{
"published_at": "2025-11-28",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-38656",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11230"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54771",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54771"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13226",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13226"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12638",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12638"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12970",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12970"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66031",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66031"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12977",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12977"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61663",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61663"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12969",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12969"
},
{
"published_at": "2025-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64324",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64324"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64506",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64506"
},
{
"published_at": "2025-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-10158",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10158"
},
{
"published_at": "2025-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64505",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64505"
}
]
}
CERTFR-2025-AVI-1129
Vulnerability from certfr_avis - Published: 2025-12-19 - Updated: 2025-12-19
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | Extended App Support pour Tanzu Platform versions antérieures à 1.0.11 | ||
| VMware | Tanzu Platform | Cloud Native Buildpacks pour Tanzu Platform versions antérieures à 0.6.1 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour Tanzu Platform versions antérieures à 10.3.2 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour Tanzu Platform versions antérieures à 10.2.6+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | .NET Core Buildpack versions antérieures à 2.4.72 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour Tanzu Platform versions antérieures à 6.0.23+LTS-T |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.11",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Native Buildpacks pour Tanzu Platform versions ant\u00e9rieures \u00e0 0.6.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.2",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.6+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": ".NET Core Buildpack versions ant\u00e9rieures \u00e0 2.4.72",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.23+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2024-25126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25126"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3573"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-27111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27111"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-46727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46727"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2024-3044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3044"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2020-7792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7792"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2024-26146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26146"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2024-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26141"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-25184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25184"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-12194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12194"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2025-54388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54388"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2025-57352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57352"
},
{
"name": "CVE-2025-32441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32441"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
}
],
"initial_release_date": "2025-12-19T00:00:00",
"last_revision_date": "2025-12-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1129",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-25",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36626"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36633",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36633"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36630",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36630"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36631",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36631"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-26",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36629"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36632",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36632"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-25",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36627"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-26",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36628"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36625",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36625"
}
]
}
CERTFR-2025-AVI-1064
Vulnerability from certfr_avis - Published: 2025-12-04 - Updated: 2025-12-04
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | cbl2 cups 2.3.3op2-10 | ||
| Microsoft | N/A | cbl2 grub2 2.06-15 | ||
| Microsoft | N/A | cbl2 nodejs18 18.20.3-9 | ||
| Microsoft | N/A | cbl2 fluent-bit versions antérieures à 3.0.6-5 | ||
| Microsoft | N/A | azl3 kernel versions antérieures à 6.6.117.1-1 | ||
| Microsoft | N/A | azl3 kubevirt 1.5.0-5 | ||
| Microsoft | N/A | cbl2 python-tensorboard 2.11.0-3 | ||
| Microsoft | N/A | azl3 nodejs 20.14.0-9 | ||
| Microsoft | N/A | azl3 glib versions antérieures à 2.78.6-5 | ||
| Microsoft | N/A | azl3 grub2 2.06-25 | ||
| Microsoft | N/A | azl3 libxslt 1.1.43-1 | ||
| Microsoft | N/A | azl3 expat 2.6.4-2 | ||
| Microsoft | N/A | azl3 python-tensorboard 2.16.2-6 | ||
| Microsoft | N/A | cbl2 rsync versions antérieures à 3.4.1-2 | ||
| Microsoft | N/A | cbl2 libxslt 1.1.34-8 | ||
| Microsoft | N/A | azl3 cups 2.4.13-1 | ||
| Microsoft | N/A | cbl2 haproxy versions antérieures à 2.4.24-2 | ||
| Microsoft | N/A | cbl2 kernel 5.15.186.1-1 | ||
| Microsoft | N/A | azl3 libpng versions antérieures à 1.6.51-1 | ||
| Microsoft | N/A | azl3 haproxy versions antérieures à 2.9.11-4 | ||
| Microsoft | N/A | azl3 tensorflow 2.16.1-9 | ||
| Microsoft | N/A | azl3 fluent-bit 3.1.9-6 | ||
| Microsoft | N/A | azl3 rsync versions antérieures à 3.4.1-2 | ||
| Microsoft | N/A | azl3 keras 3.3.3-5 | ||
| Microsoft | N/A | cbl2 libpng versions antérieures à 1.6.51-1 | ||
| Microsoft | N/A | cbl2 glib versions antérieures à 2.71.0-8 | ||
| Microsoft | N/A | cbl2 kubevirt versions antérieures à 0.59.0-31 | ||
| Microsoft | N/A | azl3 libvirt versions antérieures à 10.0.0-6 | ||
| Microsoft | N/A | cbl2 reaper 3.1.1-19 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 cups 2.3.3op2-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 grub2 2.06-15",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 nodejs18 18.20.3-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 fluent-bit versions ant\u00e9rieures \u00e0 3.0.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel versions ant\u00e9rieures \u00e0 6.6.117.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kubevirt 1.5.0-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 nodejs 20.14.0-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 glib versions ant\u00e9rieures \u00e0 2.78.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 grub2 2.06-25",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libxslt 1.1.43-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 expat 2.6.4-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libxslt 1.1.34-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 cups 2.4.13-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 haproxy versions ant\u00e9rieures \u00e0 2.4.24-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kernel 5.15.186.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 haproxy versions ant\u00e9rieures \u00e0 2.9.11-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 fluent-bit 3.1.9-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 keras 3.3.3-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 glib versions ant\u00e9rieures \u00e0 2.71.0-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kubevirt versions ant\u00e9rieures \u00e0 0.59.0-31",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libvirt versions ant\u00e9rieures \u00e0 10.0.0-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 reaper 3.1.1-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2025-13226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13226"
},
{
"name": "CVE-2025-13193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13193"
},
{
"name": "CVE-2025-54770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54770"
},
{
"name": "CVE-2025-61915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61915"
},
{
"name": "CVE-2025-61662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61662"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-12977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12977"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-61663",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61663"
},
{
"name": "CVE-2025-66382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
},
{
"name": "CVE-2025-12970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12970"
},
{
"name": "CVE-2025-12638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12638"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2025-38656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38656"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-40210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40210"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2025-64704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64704"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"name": "CVE-2025-64713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64713"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2025-13230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13230"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-54771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54771"
},
{
"name": "CVE-2025-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40211"
},
{
"name": "CVE-2025-13227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13227"
},
{
"name": "CVE-2025-64324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64324"
},
{
"name": "CVE-2025-12969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12969"
},
{
"name": "CVE-2025-11230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11230"
},
{
"name": "CVE-2025-61661",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61661"
},
{
"name": "CVE-2022-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50233"
},
{
"name": "CVE-2025-61664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61664"
}
],
"initial_release_date": "2025-12-04T00:00:00",
"last_revision_date": "2025-12-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1064",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61661",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61661"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13230"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40210",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40210"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13227"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61915",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61915"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64720",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64720"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12816",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12816"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64704",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64704"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54770",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54770"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11731",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11731"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66221",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66221"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13601",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13601"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64713",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64713"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-65018",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65018"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66030",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66030"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40211",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40211"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50233",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50233"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66382",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66382"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61664",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61664"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58436",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58436"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13193",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13193"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61662",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61662"
},
{
"published_at": "2025-11-28",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-38656",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11230"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54771",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54771"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13226",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13226"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12638",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12638"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12970",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12970"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66031",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66031"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12977",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12977"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61663",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61663"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12969",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12969"
},
{
"published_at": "2025-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64324",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64324"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64506",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64506"
},
{
"published_at": "2025-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-10158",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10158"
},
{
"published_at": "2025-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64505",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64505"
}
]
}
CERTFR-2025-AVI-1129
Vulnerability from certfr_avis - Published: 2025-12-19 - Updated: 2025-12-19
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | Extended App Support pour Tanzu Platform versions antérieures à 1.0.11 | ||
| VMware | Tanzu Platform | Cloud Native Buildpacks pour Tanzu Platform versions antérieures à 0.6.1 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour Tanzu Platform versions antérieures à 10.3.2 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour Tanzu Platform versions antérieures à 10.2.6+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | .NET Core Buildpack versions antérieures à 2.4.72 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour Tanzu Platform versions antérieures à 6.0.23+LTS-T |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.11",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Native Buildpacks pour Tanzu Platform versions ant\u00e9rieures \u00e0 0.6.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.2",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.6+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": ".NET Core Buildpack versions ant\u00e9rieures \u00e0 2.4.72",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.23+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2024-25126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25126"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3573"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-27111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27111"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-46727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46727"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2024-3044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3044"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2020-7792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7792"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2024-26146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26146"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2024-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26141"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-25184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25184"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-12194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12194"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2025-54388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54388"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2025-57352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57352"
},
{
"name": "CVE-2025-32441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32441"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
}
],
"initial_release_date": "2025-12-19T00:00:00",
"last_revision_date": "2025-12-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1129",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-25",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36626"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36633",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36633"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36630",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36630"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36631",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36631"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-26",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36629"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36632",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36632"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-25",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36627"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-26",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36628"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36625",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36625"
}
]
}
WID-SEC-W-2025-2798
Vulnerability from csaf_certbund - Published: 2025-12-09 23:00 - Updated: 2026-02-16 23:00Summary
Red Hat OpenShift Service Mesh: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh ausnutzen, um Sicherheitsvorkehrungen zu umgehen, schädlichen Code auszuführen oder einen Denial of Service herbeizuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh ausnutzen, um Sicherheitsvorkehrungen zu umgehen, sch\u00e4dlichen Code auszuf\u00fchren oder einen Denial of Service herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2798 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2798.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2798 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2798"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22939 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22939"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22944 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22944"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22936 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22936"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22937 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22937"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22938 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22938"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22941 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22941"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7255417 vom 2025-12-19",
"url": "https://www.ibm.com/support/pages/node/7255417"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0261 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0261"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0414 vom 2026-01-09",
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1249 vom 2026-01-26",
"url": "https://access.redhat.com/errata/RHSA-2026:1249"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1248 vom 2026-01-26",
"url": "https://access.redhat.com/errata/RHSA-2026:1248"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1506 vom 2026-01-28",
"url": "https://access.redhat.com/errata/RHSA-2026:1506"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1517 vom 2026-01-29",
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1596 vom 2026-01-29",
"url": "https://access.redhat.com/errata/RHSA-2026:1596"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1730 vom 2026-02-02",
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2139 vom 2026-02-05",
"url": "https://access.redhat.com/errata/RHSA-2026:2139"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2144 vom 2026-02-05",
"url": "https://access.redhat.com/errata/RHSA-2026:2144"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2456 vom 2026-02-10",
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2568 vom 2026-02-11",
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2760 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2760"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2754 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2762 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2737 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift Service Mesh: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-02-16T23:00:00.000+00:00",
"generator": {
"date": "2026-02-17T09:10:56.937+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2798",
"initial_release_date": "2025-12-09T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-12-09T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-12-21T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-01-07T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-08T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-26T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-28T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-29T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-02T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-05T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-10T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-11T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-16T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Service Mesh",
"product": {
"name": "Red Hat OpenShift Service Mesh",
"product_id": "T013933",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:service_mesh"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53643",
"product_status": {
"known_affected": [
"67646",
"T013933",
"T032495"
]
},
"release_date": "2025-12-09T23:00:00.000+00:00",
"title": "CVE-2025-53643"
},
{
"cve": "CVE-2025-64756",
"product_status": {
"known_affected": [
"67646",
"T013933",
"T032495"
]
},
"release_date": "2025-12-09T23:00:00.000+00:00",
"title": "CVE-2025-64756"
},
{
"cve": "CVE-2025-66031",
"product_status": {
"known_affected": [
"67646",
"T013933",
"T032495"
]
},
"release_date": "2025-12-09T23:00:00.000+00:00",
"title": "CVE-2025-66031"
}
]
}
RHSA-2026:1517
Vulnerability from csaf_redhat - Published: 2026-01-28 22:40 - Updated: 2026-02-19 14:37Summary
Red Hat Security Advisory: RHACS 4.8.8 security and bug fix update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security
(RHACS), which typically include new features, bug fixes, and/or
security patches.
Details
See the release notes (link in the references section) for a
description of the fixes and enhancements in this particular release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security\n(RHACS), which typically include new features, bug fixes, and/or\nsecurity patches.",
"title": "Topic"
},
{
"category": "general",
"text": "See the release notes (link in the references section) for a\ndescription of the fixes and enhancements in this particular release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1517",
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66564",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68428",
"url": "https://access.redhat.com/security/cve/CVE-2025-68428"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68973",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22029",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.8/html-single/release_notes/index#about-this-release-488_release-notes-48",
"url": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.8/html-single/release_notes/index#about-this-release-488_release-notes-48"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1517.json"
}
],
"title": "Red Hat Security Advisory: RHACS 4.8.8 security and bug fix update",
"tracking": {
"current_release_date": "2026-02-19T14:37:17+00:00",
"generator": {
"date": "2026-02-19T14:37:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1517",
"initial_release_date": "2026-01-28T22:40:02+00:00",
"revision_history": [
{
"date": "2026-01-28T22:40:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-28T22:40:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T14:37:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Security 4.8",
"product": {
"name": "Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3Aca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769010086"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3Af23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256%3Ab22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Ad353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3Ac7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Aeb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3Aeaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769010086"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3Affc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Acfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Ab60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Ad480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Ac69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Ae7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3Adb0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769010086"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3Afe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Af5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Ae292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Adeea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Aec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Af7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769010086"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3Af96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Adcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Acc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Ad5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769125501"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769615659"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64 as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le as a component of Red Hat Advanced Cluster Security 4.8",
"product_id": "Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2025-66564",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:11.786030+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The Sigstore Timestamp Authority, a service for issuing RFC 3161 timestamps, is prone to excessive memory allocation. This occurs when processing untrusted OID payloads with many period characters or malformed Content-Type headers. An unauthenticated attacker could exploit this flaw to trigger a denial of service in affected Red Hat products that utilize this component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "RHBZ#2419054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421",
"url": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh",
"url": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh"
}
],
"release_date": "2025-12-04T22:37:13.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing"
},
{
"cve": "CVE-2025-68428",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"discovery_date": "2026-01-05T22:01:15.703824+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427236"
}
],
"notes": [
{
"category": "description",
"text": "jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68428"
},
{
"category": "external",
"summary": "RHBZ#2427236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427236"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68428"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d",
"url": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0",
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2",
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2"
}
],
"release_date": "2026-01-05T21:43:55.169000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability"
},
{
"cve": "CVE-2025-68973",
"cwe": {
"id": "CWE-675",
"name": "Multiple Operations on Resource in Single-Operation Context"
},
"discovery_date": "2025-12-28T17:00:44.161022+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The flaw in GnuPG\u0027s `armor_filter` function allows an attacker with local access to provide crafted input, potentially leading to information disclosure and arbitrary code execution due to an out-of-bounds write. Exploitation requires high attack complexity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "RHBZ#2425966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
"url": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
"url": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9"
},
{
"category": "external",
"summary": "https://gpg.fail/memcpy",
"url": "https://gpg.fail/memcpy"
},
{
"category": "external",
"summary": "https://news.ycombinator.com/item?id=46403200",
"url": "https://news.ycombinator.com/item?id=46403200"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/12/28/5",
"url": "https://www.openwall.com/lists/oss-security/2025/12/28/5"
}
],
"release_date": "2025-12-28T16:19:11.019000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid processing untrusted or unverified input with GnuPG. Exercise caution when handling GnuPG-encrypted or signed data from unknown or suspicious sources, as specially crafted input could trigger the vulnerability. This operational control reduces the attack surface by limiting exposure to malicious data.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write"
},
{
"cve": "CVE-2026-22029",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-01-10T04:01:03.694749+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428412"
}
],
"notes": [
{
"category": "description",
"text": "React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "RHBZ#2428412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
}
],
"release_date": "2026-01-10T02:42:32.736000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-28T22:40:02+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:452b98b484516602e84835289b97d3ce5bfea4de66996fc66381a74e5f47ab44_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:db0681aece90f0ecbd6cebe7dbc60ba59f02258a27cdae938752a7e9dbaf475d_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:eaea088de3ff04166ec467b67d70f55662a2917441d3d9d4e8dd39677031bc4c_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:69cbd0e1ffe7abde1ac760e74088a5f98c529fa22b426dd15de013c7308bf325_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:97949783533ac35c4c48c3bdfcb5306853779e82b101e52fdc2f95923d4d071f_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:ca3b14d4dc352c45cfab525c2c4e2c703c46a948022634b1d023ac27fbf57f89_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:438b4904d97ca6cd51284955f284c0b078af30859460eb1ed608e20535ccc2c8_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f96217aeff1a39024700537986dca70ce7e94949c91c3da815dc715ef6588044_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:fe5172976364ca5ef1bd83d25b5a51497d51782ef30706ccbceae3db64d10019_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:b22341e8dfba8b10b70f21f3b597c02874bae485c07517402db0930397d82688_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:194bed8ce4509622b1802b5b6c528e34c4fa610e7ca2894d2c5a34874e1e393f_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:f23f9417f4dc4631bb2ab5e51e95d3a28ea7511f96a12f5d717353db4a1b40cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ffc6d43eb11c5cc4672b73597b6cfe0dce6356f40777f4ab2dc26aa1f74cf957_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:cfa4cd81826c4f945fdb2900aa16028919ad0737beb15c424162a34c1f86a46b_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d353cd9e8305138cc186affd8d68256061ca2113208c8969a5b0fa7b4c1eab24_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:dcfa45646e951547da04021f3f35d7262a95f565366a1c5ebbf12532f783f686_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b60ce2debac0fa9a6f0a125775df71c175aa1a0d25489cc63e1caf98464fb6b3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:cc3f28d099d73edfd4a234b5c6bdd52299a7b3fec9b25275aca413b64c9320e3_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f5a834aae45dabf73e50ef426ac18c2a4737c99373aa8705b60778cfa6faebe4_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:670450f25d9a48e836d7ea6196f7da036dde40a13c87ac4e56821a6c255820b1_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:d480afc91510b9422e2d227813052a6a25a759bdd0fee683e399d3dcfa08ab29_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e292fc02185514b2e246e4ca7e23572bf24d64b72bb503e80b5f43411d6dd585_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:eb98140ad6ba3fe2b9fee5f59130671b490cf2849f5fb68a2abc51748d97ff8d_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5180c88b2677bb366aea5af964bf40c1bad8bbf4c33cefaba87ce6c22e9e8e17_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:87359ad896ce3ecce5da9763a34f18b0481cbad50b4f3b0130b948e57645f818_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:c7a63ddb83702fc56250aaf0bf090db1038d7d29eb6025b6e9bc717e3cb3ced4_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ae07e2c03ed0497812c7f716d05358367bcd6aec9f25141658a86cba4f9361e_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8e4a29ad6b0e226e055bc56ef73b751a94f35fe06e83cf021b1a23204fab64cd_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d5242d47d9ce958769e5986d54eee1522b19341677ef2051bfea3c72b4b86ce5_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:deea39a769a89ac2ac4ea6470d4865de5802331e36b81ac167526b7cd92713fa_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b160193dd2e7612a7cd95e2f3e2863fae06c51b29afe8e67d57fa80ec703884_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:e7e8edfbe4e6a55628f4d161d42d375f41e45e9bac792e1d33aadb3dbcafe471_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f7687becdf95ecf98b9fadbc501163c3bc2f4b1906fd59c19ad6717a1897f8e8_ppc64le",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e_s390x",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4586e2f4308662e5ff54d15fb4a7839982fd59a74a7e0534b7df0537c65da3e7_amd64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c69235da18dcccc515f64615d6e2313423520cff6c3d32b87b2c3e1f1069ffa3_arm64",
"Red Hat Advanced Cluster Security 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec4c412b018affc913dd6e50fa1ecaba47993619102a235572d30eb354af3599_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects"
}
]
}
RHSA-2026:2350
Vulnerability from csaf_redhat - Published: 2026-02-09 15:50 - Updated: 2026-02-19 16:09Summary
Red Hat Security Advisory: RHACS 4.9.3 security and bug fix update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security
(RHACS), which typically include new features, bug fixes, and/or
security patches.
Details
See the release notes (link in the references section) for a
description of the fixes and enhancements in this particular release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security\n(RHACS), which typically include new features, bug fixes, and/or\nsecurity patches.",
"title": "Topic"
},
{
"category": "general",
"text": "See the release notes (link in the references section) for a\ndescription of the fixes and enhancements in this particular release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2350",
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66564",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68428",
"url": "https://access.redhat.com/security/cve/CVE-2025-68428"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68973",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22029",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.9/html-single/release_notes/index#about-this-release-493_release-notes-49",
"url": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.9/html-single/release_notes/index#about-this-release-493_release-notes-49"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2350.json"
}
],
"title": "Red Hat Security Advisory: RHACS 4.9.3 security and bug fix update",
"tracking": {
"current_release_date": "2026-02-19T16:09:26+00:00",
"generator": {
"date": "2026-02-19T16:09:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2350",
"initial_release_date": "2026-02-09T15:50:42+00:00",
"revision_history": [
{
"date": "2026-02-09T15:50:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-09T15:50:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T16:09:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Security 4.9",
"product": {
"name": "Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3Acfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769065259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256%3Ad8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Abaa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Ae2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Ae9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Ac1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Aa75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3Acf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3Ad63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769065259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3Ae87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3Abd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Ad9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Aa3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Ade3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769065259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3Af49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3Ae5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Abe9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769065259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3Ad9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3Adb417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769492398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Ac916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770250889"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2025-66564",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:11.786030+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The Sigstore Timestamp Authority, a service for issuing RFC 3161 timestamps, is prone to excessive memory allocation. This occurs when processing untrusted OID payloads with many period characters or malformed Content-Type headers. An unauthenticated attacker could exploit this flaw to trigger a denial of service in affected Red Hat products that utilize this component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "RHBZ#2419054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421",
"url": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh",
"url": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh"
}
],
"release_date": "2025-12-04T22:37:13.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing"
},
{
"cve": "CVE-2025-68428",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"discovery_date": "2026-01-05T22:01:15.703824+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427236"
}
],
"notes": [
{
"category": "description",
"text": "jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68428"
},
{
"category": "external",
"summary": "RHBZ#2427236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427236"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68428"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d",
"url": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0",
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2",
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2"
}
],
"release_date": "2026-01-05T21:43:55.169000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability"
},
{
"cve": "CVE-2025-68973",
"cwe": {
"id": "CWE-675",
"name": "Multiple Operations on Resource in Single-Operation Context"
},
"discovery_date": "2025-12-28T17:00:44.161022+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The flaw in GnuPG\u0027s `armor_filter` function allows an attacker with local access to provide crafted input, potentially leading to information disclosure and arbitrary code execution due to an out-of-bounds write. Exploitation requires high attack complexity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "RHBZ#2425966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
"url": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
"url": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9"
},
{
"category": "external",
"summary": "https://gpg.fail/memcpy",
"url": "https://gpg.fail/memcpy"
},
{
"category": "external",
"summary": "https://news.ycombinator.com/item?id=46403200",
"url": "https://news.ycombinator.com/item?id=46403200"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/12/28/5",
"url": "https://www.openwall.com/lists/oss-security/2025/12/28/5"
}
],
"release_date": "2025-12-28T16:19:11.019000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid processing untrusted or unverified input with GnuPG. Exercise caution when handling GnuPG-encrypted or signed data from unknown or suspicious sources, as specially crafted input could trigger the vulnerability. This operational control reduces the attack surface by limiting exposure to malicious data.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write"
},
{
"cve": "CVE-2026-22029",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-01-10T04:01:03.694749+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428412"
}
],
"notes": [
{
"category": "description",
"text": "React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "RHBZ#2428412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
}
],
"release_date": "2026-01-10T02:42:32.736000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T15:50:42+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:294c8f3d3cce71c22e6bde11783c04fa5db2ae19ad2a741c418005faa41da67a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:4efd0780d62b6dddbd5eef4ae8c1620b8e72dfa1551d89e8c9b281ed50afc2f9_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf5beedfa9139034d92f170115321be8f442b152628f1c91841a1be1cadfda33_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:32faefcdb174ed2e92291cc075ab321e8fa462fcbd951e7edaa019011e87ccad_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:cfb6a722aa6ede9218d9d7a28c7aae1b1455bc0ba5a41ba488e95ee504cccd70_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:d63ab6fcf507a4dc7c38df369111c44725ffdc3384840cd7cfbb89fe216af914_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1324d938cf5047df9125eb4bf6a9565fc4443b62c24e34494c1f57d1f8b5bdb1_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:e87ce042d9afb90c643de99cfaa98314230a2d9a01ad1230cd0596413991f4f5_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:f49305d1e529f1be7d213f548cc6d49d958ff578eb4e41320250634497a1dfb2_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:d8111014ef89a6679f19c48888189ddff4e3bb4269d1ccd09c7114ba6e5360d6_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:1e9116742efaed46b4b93ba1ff8eb026ffa5bbe5146690d020389b95bec77051_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:6f0060cfb71c9ee2788f2bcebd1d9aa40e337c10921a4c631c0119c80721b539_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:d9c49f3d6b2d8ec68784c59bf75810bd4290f4118eb7e512fd6150193600abc4_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:92cc9e13e92ad25bc2ca62705136be35b16699d1ddc9c8f5653cfb7b9e9f9e72_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:96ba7c71703db09c15f1633d2b5c14a22231a6f87fffacb639542f4ad2429551_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:baa02b25c952aa9e463fdd8bde3ae196621ca09cabd508b9638a82c528b6acda_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:50a2768f8ffcbdc15ed719eb6e5c08da0a9e31b2f17c77cf0b305c4f3d5d8135_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:d9662472c1cd18a4a0ec5103b30cb7576ae926d43ed290c88586a9304d01d3c3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e2d7323de0313fc7e498791d2294fe4c46448638753349002dfa0e16580f9435_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:44c28896965619b9b4804dd9099303f076533dd664766cff932ca27a9b3b2805_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7830f4f7b3673034dacbe1d48daf493afc3282fd1509b12b2e8d7716179c036b_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:83b76afb22949a7488a6480e16810b74136e395380a5f2050e2f2419aa90a337_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e9b1465496174394f2e54facebca1f1d0cd6dc54ddb0a82265b3feddd3d1867e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:bd07e7aa5ab8f4419cfe29872bc99d6bca1fe5c73034633ec371b1f1ff59d66c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:db417ef9da0ec483035d4545ca5a3728682435458daf12ed0500a08430a4680f_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:e5e8360e4078c425988ac07bc24860e5361b6e119f5fa54370d0775a60da0f9d_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4b8ecf8d2f99224d7272b1749b7b89f8bdeb5d23458302809a06aab6fa91b553_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8a1888b71a59b083571620531fe473b9b042fc7aab0d99ec2e0b184f3101c25f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be9caac01f90306f9e645ae9981b34642434d08fc5259c302a369c1675224f29_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fd4368e9067519644039006f494c391d65e59d45abc981707a886a17829cdc_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7a3f81bbda7dc41d40b2f192e99b8ba4088fcac383e70ba9591d1da074be108e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:a75bba630478e2466c371b78ffce02ad116cc872bbe78624cd3438e45f47f93e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:de3478fd6fbd75bd4a428241e6792eefd166f7f0a38ce45b7994cb51d284f010_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9848a4f71fd2bfdc2a22a338a253875f3073777c0d5d5f70b88429d8d4459fdf_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:a3cfe3a06fadbe73d8a12e84beb504c9204e34f52af459c30d4e72a2b0a411e3_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c916f911c1ff8a7991f46dc850d014db42872acfc74e6ea0f6880336b066a6e3_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects"
}
]
}
RHSA-2026:2754
Vulnerability from csaf_redhat - Published: 2026-02-16 15:43 - Updated: 2026-02-19 17:41Summary
Red Hat Security Advisory: Red Hat Quay 3.9.18
Notes
Topic
Red Hat Quay 3.9.18 is now available with bug fixes.
Details
Quay 3.9.18
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9.18 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9.18",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2754",
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2754.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.9.18",
"tracking": {
"current_release_date": "2026-02-19T17:41:23+00:00",
"generator": {
"date": "2026-02-19T17:41:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2754",
"initial_release_date": "2026-02-16T15:43:51+00:00",
"revision_history": [
{
"date": "2026-02-16T15:43:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-16T17:04:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T17:41:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.9",
"product": {
"name": "Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249996"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770223960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249993"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770230842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133825"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991332"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770306794"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991979"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133364"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770856103"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ac30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770223960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770230842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Adbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991332"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ab3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770306794"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133364"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770856103"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ae2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770223960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770230842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991332"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770306794"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Abb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133364"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770856103"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVerify() function for HMAC algorithms and use user-provided data from the JSON Web Signature protected header or payload in HMAC secret lookup routines, which can allow attackers to bypass signature verification. This issue has been patched in versions 3.2.3 and 4.0.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
}
]
}
RHSA-2026:2568
Vulnerability from csaf_redhat - Published: 2026-02-11 15:09 - Updated: 2026-02-19 16:09Summary
Red Hat Security Advisory: RHACS 4.9.3 security and bug fix update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security
(RHACS), which typically include new features, bug fixes, and/or
security patches.
Details
See the release notes (link in the references section) for a
description of the fixes and enhancements in this particular release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security\n(RHACS), which typically include new features, bug fixes, and/or\nsecurity patches.",
"title": "Topic"
},
{
"category": "general",
"text": "See the release notes (link in the references section) for a\ndescription of the fixes and enhancements in this particular release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2568",
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66564",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68428",
"url": "https://access.redhat.com/security/cve/CVE-2025-68428"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68973",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22029",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.9/html-single/release_notes/index#about-this-release-493_release-notes-49",
"url": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.9/html-single/release_notes/index#about-this-release-493_release-notes-49"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2568.json"
}
],
"title": "Red Hat Security Advisory: RHACS 4.9.3 security and bug fix update",
"tracking": {
"current_release_date": "2026-02-19T16:09:29+00:00",
"generator": {
"date": "2026-02-19T16:09:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2568",
"initial_release_date": "2026-02-11T15:09:41+00:00",
"revision_history": [
{
"date": "2026-02-11T15:09:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-11T15:09:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T16:09:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Security 4.9",
"product": {
"name": "Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3Afdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3Af5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769100379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256%3A4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Ab604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3Aeffcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Ab42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Ac399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Abff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Af8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769100379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3Afe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Ab88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769100379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Ad09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Ae85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Ab4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3Af4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769100379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3Adea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3Ab6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Af630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Ac1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1769577723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Ab57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Aec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1770074713"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64 as a component of Red Hat Advanced Cluster Security 4.9",
"product_id": "Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security 4.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2025-66564",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:11.786030+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The Sigstore Timestamp Authority, a service for issuing RFC 3161 timestamps, is prone to excessive memory allocation. This occurs when processing untrusted OID payloads with many period characters or malformed Content-Type headers. An unauthenticated attacker could exploit this flaw to trigger a denial of service in affected Red Hat products that utilize this component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "RHBZ#2419054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421",
"url": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh",
"url": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh"
}
],
"release_date": "2025-12-04T22:37:13.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing"
},
{
"cve": "CVE-2025-68428",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"discovery_date": "2026-01-05T22:01:15.703824+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427236"
}
],
"notes": [
{
"category": "description",
"text": "jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68428"
},
{
"category": "external",
"summary": "RHBZ#2427236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427236"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68428"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d",
"url": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0",
"url": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2",
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2"
}
],
"release_date": "2026-01-05T21:43:55.169000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability"
},
{
"cve": "CVE-2025-68973",
"cwe": {
"id": "CWE-675",
"name": "Multiple Operations on Resource in Single-Operation Context"
},
"discovery_date": "2025-12-28T17:00:44.161022+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The flaw in GnuPG\u0027s `armor_filter` function allows an attacker with local access to provide crafted input, potentially leading to information disclosure and arbitrary code execution due to an out-of-bounds write. Exploitation requires high attack complexity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68973"
},
{
"category": "external",
"summary": "RHBZ#2425966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
"url": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306"
},
{
"category": "external",
"summary": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
"url": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9"
},
{
"category": "external",
"summary": "https://gpg.fail/memcpy",
"url": "https://gpg.fail/memcpy"
},
{
"category": "external",
"summary": "https://news.ycombinator.com/item?id=46403200",
"url": "https://news.ycombinator.com/item?id=46403200"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/12/28/5",
"url": "https://www.openwall.com/lists/oss-security/2025/12/28/5"
}
],
"release_date": "2025-12-28T16:19:11.019000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid processing untrusted or unverified input with GnuPG. Exercise caution when handling GnuPG-encrypted or signed data from unknown or suspicious sources, as specially crafted input could trigger the vulnerability. This operational control reduces the attack surface by limiting exposure to malicious data.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write"
},
{
"cve": "CVE-2026-22029",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-01-10T04:01:03.694749+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428412"
}
],
"notes": [
{
"category": "description",
"text": "React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "RHBZ#2428412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
}
],
"release_date": "2026-01-10T02:42:32.736000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:09:41+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:954a69b7fc21665057ef4de00d5a3fe1907cb6b3a02faa922d61ba9b9561ff85_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:f4141ca6948e53983b0aef57965bed68be81db2ef84ca4fca597e3f5655ecd7d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:fdc9b12b9ee45dd85e277f21f5219c8900b7c0a684090937a9a4cf69a3d22061_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:709d85ccdd2c9ddde6c152a44356800cca972d655dc310f7fdf4307c52f34a73_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:9bdd97f707c4ce105262bd4891d9f644f4ede21005409251051e670045e61e37_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:f5bbdaab3899347f0199211c97f3643bc0aed644d7f2117b22bce1bb61ea7838_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:68ec422055d5c2bd25e891853a5871e57f2c3a175ccea404be52a84c5b470e8f_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:896bba113fa4ba5eab3bc944d58f7492b55945e2802845edee9362b0682ab419_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:dea9e54e863bb2694aec735efa084c60f0083f02f749388aaf872067629a4589_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:4293e169ce795c57143e5a37e0b909ba19d702d26830c749f960ce4ec77c0897_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:817f1ffbf4d8917fdb02f33a5ffd72e16f73952897356cb4d21f1daf1b6e3d88_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9fd9a15845c8e2b663c502a15efb17f2bc3b3555eb513a7972ffe71f37654b9e_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:b6764d281ee6620dbe9b825dc0d0f5e03bc1b2c1a440ccd28a159eb8cd3e2166_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7a49b9e8ea59229abd9c73c7c0c89ca4e6ed4b30ff8c3b5867c7aaf861658bf2_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b604aabc30af38b467a1679352a1bf76297520d028ddde8555bcc920887641b3_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09d170ce80d0e59bb67f64a31b26fef702d3d5d73b50d0475f92268f9d6f094_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:552b628dee91632aeae32b09add80d1293ff6210585ec1469e1181660ee626e9_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b42e39f651d32f6f3d52496904a6837571b41bd4f104164f7c7e53f7866f2e74_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f630b49b63c4c3e5a06f9fb96c16858af84baf0988386c11ed3f28a4a1d596b6_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:22b88e02a978be77ef7c104bb7ee7844630413b4bfd307ed2028ac7749ec4eaf_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:4138b33646b5bb576c0f20fb2b436e8f4afb214201fb0c4e0223cdaf22bdb98d_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c399ab5c8f1c0702788c49bd02cdc3495e44ae777c5e89771798eff2ac32c96e_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e85ca69d5d3e49fbd27f6f933460ec8c91ff5a02db9fcffbc6df56ab8365e05c_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:60ec86b8361ab04a7ab167079e7ba62ca091596ce21bf62904d358b9e23d7576_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:effcbf4f105173a4725b450706db3297b77bcfd4a9d7b0b9f7b2f8a88436a50c_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:fe930290f16d00ea10ed532739267ea1e5e2d71981405462f7ccdfb0e687dd5a_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0456c738acfa45201b2575099cb9347e653eb236b8dfaae076c79dcacbfcbf05_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:5bc76aef177b4d7d13712e680a6a89771982b550316e44053c1f46fd053506da_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bff622e8cdc9fa5f697816e1f8aaa86a1dd12bf018906257403907f8896dc649_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1fb03f17968db99962f6cea11dd288fd0101bc9b8168cd296c148b451dab6d7_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c_arm64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:b4232e6ba47868e601e14b219730d272ca953065c7bd998ed5266238d13eb71a_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ec5aa99bc9c1fdc57be287f9402cbcdd31274eeac7bc158615c0c61a9fa7f3fe_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f8412ae382a83aa6be858ead781b6303cfa39c2574800ca181d62355c023ef6b_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162_amd64",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c3f41025d90f9288ddc2e6f749ecf9765e6489184acd7532d0d2f3e476473f3_ppc64le",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b57d042b045f2600dbd6e446c0c651b1ae0a85158077bd52cd0b76616bb95230_s390x",
"Red Hat Advanced Cluster Security 4.9:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:b88a4d77f26b9f230d8abbc06aa0a3a1cde6df903a6ef797ee18efb81e2674ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects"
}
]
}
RHSA-2026:0414
Vulnerability from csaf_redhat - Published: 2026-01-08 22:34 - Updated: 2026-02-19 14:53Summary
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Notes
Topic
A Subscription Management tool for finding and reporting Red Hat product usage
Details
Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,
identifies, and reports environment data, or facts, such as the number of physical and virtual
systems on a network, their operating systems, and relevant configuration data stored within
them. Discovery also identifies and reports more detailed facts for some versions of key
Red Hat packages and products that it finds in the network.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0414",
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-5642",
"url": "https://access.redhat.com/security/cve/CVE-2024-5642"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-45582",
"url": "https://access.redhat.com/security/cve/CVE-2025-45582"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4598",
"url": "https://access.redhat.com/security/cve/CVE-2025-4598"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59682",
"url": "https://access.redhat.com/security/cve/CVE-2025-59682"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6069",
"url": "https://access.redhat.com/security/cve/CVE-2025-6069"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6075",
"url": "https://access.redhat.com/security/cve/CVE-2025-6075"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61984",
"url": "https://access.redhat.com/security/cve/CVE-2025-61984"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61985",
"url": "https://access.redhat.com/security/cve/CVE-2025-61985"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64460",
"url": "https://access.redhat.com/security/cve/CVE-2025-64460"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64720",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65018",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66293",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8291",
"url": "https://access.redhat.com/security/cve/CVE-2025-8291"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0414.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-02-19T14:53:15+00:00",
"generator": {
"date": "2026-02-19T14:53:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0414",
"initial_release_date": "2026-01-08T22:34:17+00:00",
"revision_history": [
{
"date": "2026-01-08T22:34:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T22:34:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T14:53:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Ad4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767888970"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767904573"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767888970"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767904573"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-5642",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2294682"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Python/CPython that does not disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with a Low severity due to NPN not being widely used and specifying an empty list is likely uncommon in practice. Typically, a protocol name would be configured.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-5642"
},
{
"category": "external",
"summary": "RHBZ#2294682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-5642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5642"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/"
}
],
"release_date": "2024-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used"
},
{
"cve": "CVE-2025-4598",
"cwe": {
"id": "CWE-364",
"name": "Signal Handler Race Condition"
},
"discovery_date": "2025-05-29T19:04:54.578000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369242"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original\u0027s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner\u0027s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original\u0027s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was rated as having a severity of Moderate due to the complexity to exploit this flaw. The attacker needs to setup a way to win the race condition and have an unprivileged local account to successfully exploit this vulnerability.\n\nBy default Red Hat Enterprise Linux 8 doesn\u0027t allow systemd-coredump to create dumps of SUID programs as the /proc/sys/fs/suid_dumpable is set to 0, disabling by default this capability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4598"
},
{
"category": "external",
"summary": "RHBZ#2369242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/29/3",
"url": "https://www.openwall.com/lists/oss-security/2025/05/29/3"
}
],
"release_date": "2025-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "This issue can be mitigated by disabling the capability of the system to generate a coredump for SUID binaries. The perform that, the following command can be ran as `root` user:\n\n~~~\necho 0 \u003e /proc/sys/fs/suid_dumpable\n~~~\n\nWhile this mitigates this vulnerability while it\u0027s not possible to update the systemd package, it disables the capability of analyzing crashes for such binaries.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump"
},
{
"cve": "CVE-2025-6069",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2025-06-17T14:00:45.339399+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373234"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service (DoS) vulnerability has been discovered in Python\u0027s html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Python HTMLParser quadratic complexity",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6069"
},
{
"category": "external",
"summary": "RHBZ#2373234",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373234"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949",
"url": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41",
"url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b",
"url": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135462",
"url": "https://github.com/python/cpython/issues/135462"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135464",
"url": "https://github.com/python/cpython/pull/135464"
}
],
"release_date": "2025-06-17T13:39:46.058000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Python HTMLParser quadratic complexity"
},
{
"cve": "CVE-2025-6075",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-31T17:01:47.052517+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408891"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in Python\u2019s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Quadratic complexity in os.path.expandvars() with user-controlled template",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low rather than Moderate because it only causes a performance inefficiency without affecting code execution, data integrity, or confidentiality. The flaw lies in the algorithmic complexity of os.path.expandvars(), which can become quadratic when processing crafted input containing repetitive or nested environment variable references. Exploitation requires the attacker to control the input string passed to this function, which is uncommon in secure applications. Moreover, the impact is limited to increased CPU utilization and potential slowdown, not system compromise or data manipulation. Since the issue does not introduce memory corruption, privilege escalation, or information disclosure risks, its overall impact scope and exploitability are minimal, justifying a Low severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6075"
},
{
"category": "external",
"summary": "RHBZ#2408891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/136065",
"url": "https://github.com/python/cpython/issues/136065"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"
}
],
"release_date": "2025-10-31T16:41:34.983000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python: Quadratic complexity in os.path.expandvars() with user-controlled template"
},
{
"cve": "CVE-2025-8291",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2025-10-07T19:01:23.599055+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402342"
}
],
"notes": [
{
"category": "description",
"text": "The \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the \u0027zipfile\u0027 module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8291"
},
{
"category": "external",
"summary": "RHBZ#2402342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267",
"url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6",
"url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/139700",
"url": "https://github.com/python/cpython/issues/139700"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/139702",
"url": "https://github.com/python/cpython/pull/139702"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"
}
],
"release_date": "2025-10-07T18:10:05.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-45582",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2025-07-11T17:00:47.340822+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379592"
}
],
"notes": [
{
"category": "description",
"text": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the \u2018--keep-old-files\u2019 (\u2018-k\u2019), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar: Tar path traversal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-45582"
},
{
"category": "external",
"summary": "RHBZ#2379592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379592"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582"
},
{
"category": "external",
"summary": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md",
"url": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md"
},
{
"category": "external",
"summary": "https://www.gnu.org/software/tar/",
"url": "https://www.gnu.org/software/tar/"
},
{
"category": "external",
"summary": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity",
"url": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity"
}
],
"release_date": "2025-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tar: Tar path traversal"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classify as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74",
"url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/1018",
"url": "https://github.com/libexpat/libexpat/issues/1018"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/1034",
"url": "https://github.com/libexpat/libexpat/pull/1034"
},
{
"category": "external",
"summary": "https://issues.oss-fuzz.com/issues/439133977",
"url": "https://issues.oss-fuzz.com/issues/439133977"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-59682",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-09-30T13:18:31.746000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2400450"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the \"startapp --template\" and \"startproject --template\" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "django: Potential partial directory-traversal via archive.extract()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59682"
},
{
"category": "external",
"summary": "RHBZ#2400450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59682"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59682",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59682"
}
],
"release_date": "2025-10-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "django: Potential partial directory-traversal via archive.extract()"
},
{
"cve": "CVE-2025-61984",
"cwe": {
"id": "CWE-159",
"name": "Improper Handling of Invalid Use of Special Elements"
},
"discovery_date": "2025-10-06T19:01:13.449665+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401960"
}
],
"notes": [
{
"category": "description",
"text": "ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact is MODERATE because it is a critical component used across many Red Hat products.\nThe issue occurs only when a ProxyCommand is configured and the SSH client handles a username containing control characters from an untrusted source, such as script-generated input or expanded configuration values.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61984"
},
{
"category": "external",
"summary": "RHBZ#2401960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401960"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984"
},
{
"category": "external",
"summary": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2",
"url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
},
{
"category": "external",
"summary": "https://www.openssh.com/releasenotes.html#10.1p1",
"url": "https://www.openssh.com/releasenotes.html#10.1p1"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/10/06/1",
"url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
}
],
"release_date": "2025-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand"
},
{
"cve": "CVE-2025-61985",
"cwe": {
"id": "CWE-158",
"name": "Improper Neutralization of Null Byte or NUL Character"
},
"discovery_date": "2025-10-06T19:01:16.841946+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401962"
}
],
"notes": [
{
"category": "description",
"text": "ssh in OpenSSH before 10.1 allows the \u0027\\0\u0027 character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact is MODERATE because it is a critical component used across many Red Hat products.\nExploiting this vulnerability would require a specific configuration where ProxyCommand is enabled and the SSH client processes an untrusted ssh:// URI containing null bytes. Under these conditions, the command parser may misinterpret the URI and execute unintended shell commands.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61985"
},
{
"category": "external",
"summary": "RHBZ#2401962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401962"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985"
},
{
"category": "external",
"summary": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2",
"url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
},
{
"category": "external",
"summary": "https://www.openssh.com/releasenotes.html#10.1p1",
"url": "https://www.openssh.com/releasenotes.html#10.1p1"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/10/06/1",
"url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
}
],
"release_date": "2025-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand"
},
{
"cve": "CVE-2025-64460",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-12-02T16:01:05.300335+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. This vulnerability allows a remote attacker to cause a potential denial-of-service (DoS) attack triggering Central Processing Unit (CPU) and memory exhaustion via specially crafted Extensible Markup Language (XML) input processed by the XML Deserializer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: Django: Algorithmic complexity in XML Deserializer leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that process XML input using Django\u0027s XML Deserializer, including Red Hat Ansible Automation Platform, Red Hat OpenStack Platform, and OpenShift Service Mesh. A remote attacker can exploit this flaw by providing specially crafted XML, leading to a denial-of-service due to CPU and memory exhaustion.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64460"
},
{
"category": "external",
"summary": "RHBZ#2418366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64460"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64460",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64460"
},
{
"category": "external",
"summary": "https://docs.djangoproject.com/en/dev/releases/security/",
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"category": "external",
"summary": "https://groups.google.com/g/django-announce",
"url": "https://groups.google.com/g/django-announce"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/",
"url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/"
}
],
"release_date": "2025-12-02T15:15:34.451000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: Django: Algorithmic complexity in XML Deserializer leads to denial of service"
},
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important as it affects libpng, a widely used library for PNG image processing. The flaw is due to an out-of-bounds read in libpng\u2019s simplified API when handling specially crafted PNG images containing partial transparency and gamma correction data. Successful exploitation could result in information disclosure or cause application crashes in applications processing untrusted PNG content.\n\nFor `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
}
]
}
RHSA-2025:22938
Vulnerability from csaf_redhat - Published: 2025-12-09 14:59 - Updated: 2026-02-19 14:50Summary
Red Hat Security Advisory: Kiali 2.11.5 for Red Hat OpenShift Service Mesh 3.1
Notes
Topic
Kiali 2.11.5 for Red Hat OpenShift Service Mesh 3.1
This update has a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Kiali 2.11.5, for Red Hat OpenShift Service Mesh 3.1, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.
Security Fix(es):
* kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)
* kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)
* kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)
* kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.11.5 for Red Hat OpenShift Service Mesh 3.1\n\nThis update has a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.11.5, for Red Hat OpenShift Service Mesh 3.1, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)\n\n* kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)\n\n* kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)\n\n* kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22938",
"url": "https://access.redhat.com/errata/RHSA-2025:22938"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-64756",
"url": "https://access.redhat.com/security/cve/cve-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-66031",
"url": "https://access.redhat.com/security/cve/cve-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-12816",
"url": "https://access.redhat.com/security/cve/cve-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22938.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.11.5 for Red Hat OpenShift Service Mesh 3.1",
"tracking": {
"current_release_date": "2026-02-19T14:50:23+00:00",
"generator": {
"date": "2026-02-19T14:50:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2025:22938",
"initial_release_date": "2025-12-09T14:59:35+00:00",
"revision_history": [
{
"date": "2025-12-09T14:59:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-12T21:35:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T14:50:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.1",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.11.5-1764836235"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.11.5-1764835957"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.11.5-1764836235"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.11.5-1764835957"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.11.5-1764836235"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.11.5-1764835957"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Aef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.11.5-1764836235"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.11.5-1764835957"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T14:59:35+00:00",
"details": "See Kiali 2.11.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22938"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T14:59:35+00:00",
"details": "See Kiali 2.11.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22938"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T14:59:35+00:00",
"details": "See Kiali 2.11.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22938"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:502dcba52460677c5d20f2649216e62c426acb83fbfb38bd630e942b9c0c2733_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:53f1ed0ec0b57f5d35c51dda8d3490649c91c2596658f91e9e206c6fb476ee1a_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:75b9064c9e83a08e0147ff97fd45ca8b3adb6f16bccedf66c146a74a8c769b25_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:928ed23934eae4e9c16ac23eaa828cc09f2d0ae539f330454ad6222e8cec3250_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:00743a84647ebaac732100a5e224ec024d3dfa22a9a942b4df81d1042eac2493_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9d884a817a1a1e8924b6405e694ffae05f78664f4e00f355ec2ddd7c05446e53_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ef0ddf23bae41b1c9aad0b05c90aecc2a21b45e125013a139e705c27285907c5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
}
]
}
RHSA-2026:0518
Vulnerability from csaf_redhat - Published: 2026-01-13 16:03 - Updated: 2026-02-18 08:48Summary
Red Hat Security Advisory: Red Hat Quay 3.16.1
Notes
Topic
Red Hat Quay 3.16.1 is now available with bug fixes.
Details
Quay 3.16.1
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.16.1 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.16.1",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0518",
"url": "https://access.redhat.com/errata/RHSA-2026:0518"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0518.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.16.1",
"tracking": {
"current_release_date": "2026-02-18T08:48:31+00:00",
"generator": {
"date": "2026-02-18T08:48:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0518",
"initial_release_date": "2026-01-13T16:03:52+00:00",
"revision_history": [
{
"date": "2026-01-13T16:03:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-13T16:04:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-18T08:48:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.16",
"product": {
"name": "Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767970158"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3Ac1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767979355"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Aa0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767978288"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3Ab89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969285"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3Ad209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Ac7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3Aa1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767886976"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ad723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767970158"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969285"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767979355"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767978288"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Ab291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3Aff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767886976"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3Abf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767979355"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767970158"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767979280"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Ad9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767978288"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Ae8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767970174"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3Abe10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969285"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767980647"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767886976"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-13T16:03:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0518"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classify as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74",
"url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/1018",
"url": "https://github.com/libexpat/libexpat/issues/1018"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/1034",
"url": "https://github.com/libexpat/libexpat/pull/1034"
},
{
"category": "external",
"summary": "https://issues.oss-fuzz.com/issues/439133977",
"url": "https://issues.oss-fuzz.com/issues/439133977"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-13T16:03:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0518"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-13T16:03:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0518"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
}
]
}
RHSA-2026:1596
Vulnerability from csaf_redhat - Published: 2026-01-29 18:40 - Updated: 2026-02-19 17:40Summary
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update
Notes
Topic
An update is now available for Red Hat Ansible Automation Platform 2.6
Details
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.
Update(s) and Fix(es):
https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/release_notes/patch_releases#aap-26-20260121
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Ansible Automation Platform 2.6",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.\n\nUpdate(s) and Fix(es):\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/release_notes/patch_releases#aap-26-20260121",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1596",
"url": "https://access.redhat.com/errata/RHSA-2026:1596"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62706",
"url": "https://access.redhat.com/security/cve/CVE-2025-62706"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64459",
"url": "https://access.redhat.com/security/cve/CVE-2025-64459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66416",
"url": "https://access.redhat.com/security/cve/CVE-2025-66416"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69223",
"url": "https://access.redhat.com/security/cve/CVE-2025-69223"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/release_notes/patch_releases#aap-26-20260121",
"url": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/release_notes/patch_releases#aap-26-20260121"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1596.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update",
"tracking": {
"current_release_date": "2026-02-19T17:40:55+00:00",
"generator": {
"date": "2026-02-19T17:40:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1596",
"initial_release_date": "2026-01-29T18:40:37+00:00",
"revision_history": [
{
"date": "2026-01-29T18:40:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-29T18:40:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T17:40:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.6",
"product": {
"name": "Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-operator-bundle@sha256%3A039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform\u0026tag=1768951346"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcp-server-rhel9@sha256%3A54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview\u0026tag=1768871010"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/aap-must-gather-rhel9@sha256%3Ab6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768884273"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-operator-bundle@sha256%3Ab4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform\u0026tag=1768951348"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-builder-rhel9@sha256%3Ad55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768884224"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-dev-tools-rhel9@sha256%3A00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768925972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-chatbot-rhel9@sha256%3A9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768915992"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9@sha256%3Abb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768889838"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9-operator@sha256%3A6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768950228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcp-tools-rhel9@sha256%3Afccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768887865"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9@sha256%3Abb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768890500"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9-operator@sha256%3A6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768883872"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9@sha256%3A617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768888579"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9-operator@sha256%3A4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768882925"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-ui-rhel9@sha256%3A2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768896138"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9@sha256%3Ae21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768889939"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9-operator@sha256%3Adf7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768882440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-proxy-rhel9@sha256%3A31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768884833"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9@sha256%3A45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768873505"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9-operator@sha256%3A351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768883523"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hub-web-rhel9@sha256%3A7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768878183"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"product_identification_helper": {
"purl": "pkg:oci/de-minimal-rhel9@sha256%3A7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768846975"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/de-supported-rhel9@sha256%3A1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768853828"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ee-minimal-rhel9@sha256%3A4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768858596"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ee-supported-rhel9@sha256%3A1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768929978"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-rhel9-operator@sha256%3Ac1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768869362"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-runner-rhel9@sha256%3Acf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768509220"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"product_identification_helper": {
"purl": "pkg:oci/receptor-rhel9@sha256%3A73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768884807"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcp-server-rhel9@sha256%3A01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview\u0026tag=1768871010"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"product_identification_helper": {
"purl": "pkg:oci/aap-must-gather-rhel9@sha256%3Adf7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768884273"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-builder-rhel9@sha256%3A25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768884224"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-dev-tools-rhel9@sha256%3Af1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768925972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-chatbot-rhel9@sha256%3Aafe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768915992"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9@sha256%3A09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768889838"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9-operator@sha256%3Ac09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768950228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcp-tools-rhel9@sha256%3A39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768887865"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9@sha256%3A351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768890500"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9-operator@sha256%3Acef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768883872"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9@sha256%3Ab9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768888579"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9-operator@sha256%3A5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768882925"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-ui-rhel9@sha256%3Acf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768896138"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9@sha256%3A9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768889939"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9-operator@sha256%3Aa60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768882440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-proxy-rhel9@sha256%3A73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768884833"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9@sha256%3Ae4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768873505"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9-operator@sha256%3A4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768883523"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hub-web-rhel9@sha256%3A546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768878183"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"product_identification_helper": {
"purl": "pkg:oci/de-minimal-rhel9@sha256%3Ad927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768846975"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"product_identification_helper": {
"purl": "pkg:oci/de-supported-rhel9@sha256%3A1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768853828"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ee-minimal-rhel9@sha256%3A3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768858596"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ee-supported-rhel9@sha256%3A59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768929978"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-rhel9-operator@sha256%3Acec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768869362"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-runner-rhel9@sha256%3Ab6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768509220"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"product_identification_helper": {
"purl": "pkg:oci/receptor-rhel9@sha256%3A64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768884807"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcp-server-rhel9@sha256%3A08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview\u0026tag=1768871010"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/aap-must-gather-rhel9@sha256%3A64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768884273"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ansible-builder-rhel9@sha256%3Afabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768884224"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ansible-dev-tools-rhel9@sha256%3A635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768925972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-chatbot-rhel9@sha256%3A46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768915992"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9@sha256%3Aba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768889838"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9-operator@sha256%3A8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768950228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcp-tools-rhel9@sha256%3Aceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768887865"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9@sha256%3A4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768890500"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9-operator@sha256%3A21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768883872"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9@sha256%3A0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768888579"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9-operator@sha256%3A224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768882925"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-ui-rhel9@sha256%3A50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768896138"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9@sha256%3A932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768889939"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9-operator@sha256%3Ab3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768882440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gateway-proxy-rhel9@sha256%3A570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768884833"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9@sha256%3Ac9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768873505"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9-operator@sha256%3Acc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768883523"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/hub-web-rhel9@sha256%3A31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768878183"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/de-minimal-rhel9@sha256%3Ac4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768846975"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/de-supported-rhel9@sha256%3Ab047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768853828"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ee-minimal-rhel9@sha256%3A447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768858596"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ee-supported-rhel9@sha256%3A0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768929978"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-rhel9-operator@sha256%3A4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768869362"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-runner-rhel9@sha256%3A0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768509220"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/receptor-rhel9@sha256%3A5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768884807"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcp-server-rhel9@sha256%3A8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview\u0026tag=1768871010"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"product_identification_helper": {
"purl": "pkg:oci/aap-must-gather-rhel9@sha256%3A25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768884273"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ansible-builder-rhel9@sha256%3A6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768884224"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ansible-dev-tools-rhel9@sha256%3A62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768925972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-chatbot-rhel9@sha256%3A543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768915992"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9@sha256%3A88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768889838"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9-operator@sha256%3A1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768950228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcp-tools-rhel9@sha256%3A88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768887865"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9@sha256%3Aa567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768890500"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9-operator@sha256%3A6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768883872"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9@sha256%3Ae441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768888579"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9-operator@sha256%3A0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768882925"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-ui-rhel9@sha256%3Ac7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768896138"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9@sha256%3A7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768889939"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9-operator@sha256%3A73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768882440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gateway-proxy-rhel9@sha256%3A8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768884833"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9@sha256%3Af2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768873505"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9-operator@sha256%3A19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768883523"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/hub-web-rhel9@sha256%3A79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768878183"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/de-minimal-rhel9@sha256%3Af0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768846975"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/de-supported-rhel9@sha256%3Ada951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768853828"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ee-minimal-rhel9@sha256%3A49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768858596"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ee-supported-rhel9@sha256%3Ae20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768929978"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-rhel9-operator@sha256%3A03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768869362"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-runner-rhel9@sha256%3A08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768509220"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/receptor-rhel9@sha256%3A377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26\u0026tag=1768884807"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-29T18:40:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1596"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-62706",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-22T22:01:31.800574+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405946"
}
],
"notes": [
{
"category": "description",
"text": "Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib\u2019s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable tokens to exhaust memory and CPU and cause denial of service. This issue has been patched in version 1.6.5. Workarounds for this issue involve rejecting or stripping zip=DEF for inbound JWEs at the application boundary, forking and add a bounded decompression guard via decompressobj().decompress(data, MAX_SIZE)) and returning an error when output exceeds a safe limit, or enforcing strict maximum token sizes and fail fast on oversized inputs; combine with rate limiting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib : JWE zip=DEF decompression bomb enables DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62706"
},
{
"category": "external",
"summary": "RHBZ#2405946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62706"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62706",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62706"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/e0863d5129316b1790eee5f14cece32a03b8184d",
"url": "https://github.com/authlib/authlib/commit/e0863d5129316b1790eee5f14cece32a03b8184d"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-g7f3-828f-7h7m",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-g7f3-828f-7h7m"
}
],
"release_date": "2025-10-22T21:31:10.997000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-29T18:40:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1596"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "authlib: Authlib : JWE zip=DEF decompression bomb enables DoS"
},
{
"cve": "CVE-2025-64459",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2025-11-05T16:01:11.092353+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2412651"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nThe methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank cyberstan for reporting this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "django: Django SQL injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact of this vulnerability on Red Hat products is limited to the effective user scope of the running process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64459"
},
{
"category": "external",
"summary": "RHBZ#2412651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412651"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64459"
},
{
"category": "external",
"summary": "https://docs.djangoproject.com/en/dev/releases/security/",
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"category": "external",
"summary": "https://github.com/django/django/commit/c880530ddd4fabd5939bab0e148bebe36699432a",
"url": "https://github.com/django/django/commit/c880530ddd4fabd5939bab0e148bebe36699432a"
},
{
"category": "external",
"summary": "https://groups.google.com/g/django-announce",
"url": "https://groups.google.com/g/django-announce"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/",
"url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/"
}
],
"release_date": "2025-11-05T15:09:58.239000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-29T18:40:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1596"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "django: Django SQL injection"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-29T18:40:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1596"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66416",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2025-12-02T19:01:33.806874+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418445"
}
],
"notes": [
{
"category": "description",
"text": "The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.23.0, tThe Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured TransportSecuritySettings, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. Note that running HTTP-based MCP servers locally without authentication is not recommended per MCP security best practices. This issue does not affect servers using stdio transport. This vulnerability is fixed in 1.23.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mcp: DNS Rebinding Protection Disabled by Default in Model Context Protocol Python SDK",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66416"
},
{
"category": "external",
"summary": "RHBZ#2418445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418445"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66416",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66416"
},
{
"category": "external",
"summary": "https://github.com/modelcontextprotocol/python-sdk/commit/d3a184119e4479ea6a63590bc41f01dc06e3fa99",
"url": "https://github.com/modelcontextprotocol/python-sdk/commit/d3a184119e4479ea6a63590bc41f01dc06e3fa99"
},
{
"category": "external",
"summary": "https://github.com/modelcontextprotocol/python-sdk/security/advisories/GHSA-9h52-p55h-vw2f",
"url": "https://github.com/modelcontextprotocol/python-sdk/security/advisories/GHSA-9h52-p55h-vw2f"
}
],
"release_date": "2025-12-02T18:14:28.310000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-29T18:40:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1596"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mcp: DNS Rebinding Protection Disabled by Default in Model Context Protocol Python SDK"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-29T18:40:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1596"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-69223",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-06T20:01:19.831548+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427456"
}
],
"notes": [
{
"category": "description",
"text": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host\u0027s memory. This issue is fixed in version 3.13.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "aiohttp: AIOHTTP\u0027s HTTP Parser auto_decompress feature is vulnerable to zip bomb",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69223"
},
{
"category": "external",
"summary": "RHBZ#2427456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69223"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a",
"url": "https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg"
}
],
"release_date": "2026-01-05T22:00:17.715000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-29T18:40:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1596"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "aiohttp: AIOHTTP\u0027s HTTP Parser auto_decompress feature is vulnerable to zip bomb"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-29T18:40:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1596"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:25a6efd0b0ffea2e71c9445b5182e573bfffd97eaa23524f4b68d5c607059996_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:64aac5689f60cbaec481e0555a578900d3e6eec1ce88383e99e26a326d7f4862_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:b6e302fce15818440e31111a18acbeac9b3c52d7f4a30093cb40a16f6bd8913c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:df7f3900ef9a956a086dabe8993c25980d49a289d38083abd7a34e5f80a20373_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:25a43fd175bcf1ac97874ada6616f7bbdcc8b4e320e0d05761de7c0a55d8d87c_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:6f8e6da5a073c87f19f299e056336e0ae2987a8c0347f65384829b8f4ce9e80c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:d55b1eaa137dc27cf655ba161f3728954c93708f31096f4d7bec74bc443a5d62_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:fabb3773554a200ec6bf7b1ce385a478f5412e97a0e50ef312f69ac7c98a4c68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:00dd5ef9734ae5fd6bf02ea9c0082be429e7001be8c89848bf2ee1b96f7cbe00_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:62629f3ff53f78d962960f108bda5107e4a8475a66d918d3fce7269e22e8d76b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:635caa01e9609aec3a9e55438d2881863b31d83ad8b9fec50503332e4479d057_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:f1eb029e6a3cd2baf020e36d0bb35d2c3e34cf3bfc90dd4863c2647fab1d5d26_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:21c1fc9587302a43e56a3a54287a9b8e0bf785984f0973343da6a59ac688a6b2_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6b07ed2196c4b51752054682b678b1769b3e63efae0e29dc798b44543f4408f6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:6f407a8a50253d1d86530fa2f7ed45fe01d9f0723f8db0d666012d7be282d4ba_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:cef9ad82fe982c80adbb7cf096ebb32dc69ad5a8428355a2e798abbc7d3940b2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:351a42dbcf06a2512e36799930cc4b44ed176f088a5d65ab9cc373f5ba0aa9a2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:a567e651e4c79cff2462d3b69edcdbb2a50da4b4fbd9f1f3cc3f2dc93abc64b6_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:bb334abcc74bbebff0442393d370d7a4990097b275cf46761933a7fd61d94c87_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:c4cf08cdbba3e616e2453f124ce11ebb72653e0de6a780b4f68307c90cda342d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:d927536428dd9fc5e0110e2edf0678bce6ae803818851e9f3c6db4b2c1ed1b53_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:f0cdeba4cbbb214e6706c95328b304f0d08e33e4ebf654c8861f20bd6f16359b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1494d1eb6aeb2b180d7833f4b4ade9f0bc945b995ffbd2378256919b0704c2b4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:b047748fdd4411af0807776e0765f76bc3065adc16187af5ae7e43cf980842bc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:da951e7340094c17b6d359efc8d1e4591a9694a606cc16d007fae7e1abc95e8b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:0aa678bfd5ae3650bd25e90b307dd251b3d5e56c700887c8f871301a9947330c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:224608719c557fe2d19d6f0353f53c592fed0e4232c34cf780cd38d7d5e4e207_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:4d67f76d999abaee9ccc5d27a9cb694498dbda905275962df54c7cc145c0b7db_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:5ad36e200f613831b479192723a949ca7420bf6865f6a0ff88e069251602c7de_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:0420e8e58fb2237a0024044ffe54c4c25ea92fb991664b0bdd9f5eec49ca75e4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:617d7a7e88231785deb78260a5e3f08272fa53251adcb0a691a678fcbeeb78e0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:b9109e372378d030e9cd0c8879d3ff9bc8221f0577e7759b25dd5e21cd6653c0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:e441cba14bbc5d4ce62fe8e8600149eccaa526e4119c4d854fe47b998f754aae_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:2e52f2efbe884ac6834c6ad93402ce4bc4414a04fe120bef961ea9afa2859840_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:50496f24b9c844a7ed14d538cc3fcaeaca6da8667ba124503458dcc921d14fcd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:c7f22e43c330f0718ba8d0441acc62c16aa09dd4825600ba3ecb86008828a057_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:cf99e97263656670cab278016bdc8c156c961fbabd0effdec016a1ff7b33f225_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:3142682f07816ed801f3837d3376f5852d14d674d86c46743422386ef7f4385d_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:447f06b8dc100e5ac709204e72d99852a622cc01b8cb177c555039df2e06a0f7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:49cc8d94576844f60fe1131024a2b2e9e7c3d8c306439767d4c0de41369652c8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:4d392f1b1309a6a9764bb4e450780fd1fd168da36b0e6a01da73dd55a849a7bd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:0ff2bdafed4d8a180b2ff9c994ff8054ce0ee7f07ecc9e05fc30cd551e62497b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:1aee5006153f2ae1d589355a9c2ea1090c539ca8458cdfcd480c04ec6828c755_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:59d301fdff15bb1eba9e77dd37e00c1e0576b509a14c1e76785773a48cc18537_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:e20e5ad1f6b473f03edfb1b3a817c26bb43b192137afbe189e1ec726cb096477_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:31b7428af40586107a315eb1cac099c7343873c10523c2ffd8494c88217cc5b9_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:570aa2c712ec71fe83820f899fdb169bd9e1026490348368f02e6e3d04c7c6e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:73f8891d75eeede0e88824b3cabf4544727047b436f0ae80ee60b01e42230b73_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:8d822db4e1a5271eb5fa31c203b32cd9f973cb13f34f5c2b68e296ff4f13d00c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:73320a344616c319683550a0487d9ef1fb1fe54c2f06817d7bf13ff549ddd3ea_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:a60ebca6a3eb3f145978589c2322c107c23d4c32e799eb8d12f11b5ed9912d33_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:b3888d42eba19e6ceb6b631d113e65cd482297a33ebdb2057e7e0c44a7dcae60_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:df7d07eb597792ca1c493e5d78cb847a538b0e5bd061e93bf94a4fd6c99a7c82_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:932a5db05aba507f85a7e404e8848d3a2009838222e6b1ede8c13b0f33188fab_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:9abe4b317c69871447dd2f4a74b95a6391cf6ed88d4125ab318d5e2310e8abc0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:e21ef827412d8de0d446b7e45d67423c683eea6ec12cded2770d845e4d07c02a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:19443c6fd9838cbe6398cf2ea7df4852764ba70aad79d5da551e3503a3192651_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:351eefcfa754ef2f711aa301e927b276a95e836d5699d7e8e9d6d1176faf0ae7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4dc4a4fb23adb676eb1b70a601ab8859896c44062802a021b74d9f3ae07d0ddb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:cc2dba295bca8642284d5b38b486565c82cdcf9a062c3d0acf2b1f0b15960a0d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:45b1e0961f8a9c7eb8f65972c898c76cf19d32a95e43260c01ac23a578df44d3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:c9f04fc98ade1aaa7ca7ed968a2f00660a8d625d55358f6df00642904de0d0e6_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:e4a85d79271d489c89660d522f9a857fc6ed8462e0f9e753ec79534aa0de7867_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:f2845e416829b88121dfc03e75c90ac659002b82ff8e5c50d4aa0e16688a9627_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:31da220ed57678f609cbf3f360837f300a391cf06a127169707593ff3b617a44_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:546b59720c87b112388791cc671b8691dab6ca5036e031df0b0dc195a1018a80_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:79a282b30e96620cbadf85cad0d53acee1a9bec8f01f0d4759f4f019cfd6b89d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:7e9d7009faf4af8d39b3362b60579ba0bb83f91ac859a0ff354735c3f611e339_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:46b2edd6b932b2e06f8f097878ebbf625f89b822393950d2e1acc2f8957d1931_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:543e322d6eab6697565ff430371ff730ced0c61251239a6273b878013ce5a266_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:9ea713296e07225823aaf163accdf9a0d2b8c1388ff19fbffd6b9ec12830c06d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:afe3061a4f340889830034e31c3cff08e24e11e9b9c6251a5f63f636524bfacc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:1c59de49af7767f48321a739a44051321ecac2adcedd95518e0654c9f4a2eb15_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:6294eded6bf2caad16b29c5b920beb08d91d6c52a7d4fd845b1d4a01365237e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8b95b9b35a3a298376121492df39a1806177a6d3b401c2daebdf54d12b83d102_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:c09e419e8de17ce827388e6bd66cc72a424d630d8e9b5a727cb7286716c7fcc7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:09874121ddf67363bdbf0e357c9e286551f34196307c13b0b432f7a1b9b3d45f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:88b2f4fc0e7c1010eaf97a09243800c418a63d46621627a2189832ff74d04644_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:ba436e3bda96285fc91c559529ede143897056bc0302505960dc6d20ecb01d29_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:bb11c4bc75f916bd4af045b753991df2efd4832e31007e09d4decebbc7d90483_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:39f20e081bcdf385ba8bac4d9e5f50dbc07917f7bfced0b56e068e70ef864444_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:88262cc5aa63e3beb4c78a51e9115b1bc85ae1c08a895bb7daf800ddfde3dcad_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:ceaa20f06a157f1a244c8e57280dbe315717f4ea761637d06c1a0937e6a69711_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:fccd13ac7d4850a0e46c2fae98e23fc5e9eb261df1c14e8ce95726aa86d475fe_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:03638dee7984f80be2fb136c8f33cdf58fa2281900c43054b7061fb897dc6ebb_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:4f4ff198e22a4d2e3f00f3966a08df8579fdc3d9afe9ebf093dfc8fdcda6c71b_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:c1e501a1d34c183e47e83082b62f959ba5a4e756b7d449a7d97108c6394e10e3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:cec442e07e80f62e332974070fe02522146aade2cbe5c417c8de4c77dc62f587_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:08261c86284cb6f786bc8d0f089b22dc340be5cfdc09b4bb4abd4c3a72181965_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:0d39c4c0f2cfa827a4452a946ea41c4949328a16490b9612d0828350256147e1_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:b6924383b6213e5231afe55aa029486fef16fad21114e2b7a6c66cd19d3173a5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:cf50def1f70cc2ad3fbf3072608c58cebddd376ed3a06fba6d2ad732b08d0029_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:377e26a0752eda6db97831edcebd4058c4f89a837789f638a1dbef3b73a427e4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:5566863e20e6dcc9b04192399afec4ea7aeb47ca7585633280a48169275b8f68_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:64ae7b732a677ddc8ca28fec2e735398822d234fb96dcc3a265851d694c79377_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:73572a883c38cc62d91515fe94ae5e90d86246c841c44f2c57d89a95dbf98a73_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:01020dd8144633143bcc8060d08ddf149e63ddcb408a57fe4f7a69b4e6460f16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:08e91518b7f615417cb86b3847f3b58f77c6125c38baa324f1b220a5ad694fbc_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:54a4c7b1808aeb415b0d7072b8599b605eae0a6f5cecadd0b1941fcc307e64a3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:8f3a353973669f0c4fa258dc7dcfeded5653aa8eaead4a93e84ff8ff2a7e11ba_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:039b5205029e5173cbe160e5325d2970373883d36d8143db82bd4f2977b53bcb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:b4e14389a82c9effdbdd2e3dfc71315fd6114f290ffca6e684e497070cef4e44_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
}
]
}
RHSA-2026:2762
Vulnerability from csaf_redhat - Published: 2026-02-16 17:44 - Updated: 2026-02-19 17:41Summary
Red Hat Security Advisory: Red Hat Quay 3.10.18
Notes
Topic
Red Hat Quay 3.10.18 is now available with bug fixes.
Details
Quay 3.10.18
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.10.18 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.10.18",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2762",
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2762.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.10.18",
"tracking": {
"current_release_date": "2026-02-19T17:41:23+00:00",
"generator": {
"date": "2026-02-19T17:41:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2762",
"initial_release_date": "2026-02-16T17:44:31+00:00",
"revision_history": [
{
"date": "2026-02-16T17:44:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-16T17:44:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T17:41:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.1",
"product": {
"name": "Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3Af006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770224116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249881"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Af7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133631"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ac5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991805"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Ad8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991340"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133671"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770993022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133646"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ab54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249183"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770224116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133631"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991340"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133671"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133646"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249183"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770224116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aaab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133631"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991340"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133671"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133646"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ab46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249183"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVerify() function for HMAC algorithms and use user-provided data from the JSON Web Signature protected header or payload in HMAC secret lookup routines, which can allow attackers to bypass signature verification. This issue has been patched in versions 3.2.3 and 4.0.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
}
]
}
RHSA-2026:2900
Vulnerability from csaf_redhat - Published: 2026-02-18 08:39 - Updated: 2026-02-19 17:41Summary
Red Hat Security Advisory: Network Observability 1.11.0 for OpenShift
Notes
Topic
Network Observability 1.11 for Red Hat OpenShift.
Details
Network flows collector and monitoring solution.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Network Observability 1.11 for Red Hat OpenShift.",
"title": "Topic"
},
{
"category": "general",
"text": "Network flows collector and monitoring solution.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2900",
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-25621",
"url": "https://access.redhat.com/security/cve/CVE-2024-25621"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13465",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64329",
"url": "https://access.redhat.com/security/cve/CVE-2025-64329"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-23745",
"url": "https://access.redhat.com/security/cve/CVE-2026-23745"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24842",
"url": "https://access.redhat.com/security/cve/CVE-2026-24842"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/observability/network_observability/network-observability-operator-release-notes.html",
"url": "https://docs.openshift.com/container-platform/latest/observability/network_observability/network-observability-operator-release-notes.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2900.json"
}
],
"title": "Red Hat Security Advisory: Network Observability 1.11.0 for OpenShift",
"tracking": {
"current_release_date": "2026-02-19T17:41:25+00:00",
"generator": {
"date": "2026-02-19T17:41:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2900",
"initial_release_date": "2026-02-18T08:39:41+00:00",
"revision_history": [
{
"date": "2026-02-18T08:39:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-18T08:39:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T17:41:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Network Observability (NETOBSERV) 1.11.0",
"product": {
"name": "Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_observ_optr:1.11::el9"
}
}
}
],
"category": "product_family",
"name": "Network Observability (NETOBSERV)"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256%3A9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771229282"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256%3A0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771226629"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256%3Aa852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771226060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-compat-rhel9@sha256%3Aa9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771227610"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256%3A4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771227650"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256%3A6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771231259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256%3A5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771230433"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256%3Ac2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771229282"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256%3Ae72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771226629"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256%3A0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771226060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-compat-rhel9@sha256%3A17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771227610"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256%3A77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771227650"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256%3Acfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771230433"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256%3A84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771229282"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256%3Af85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771226629"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256%3A472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771226060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-compat-rhel9@sha256%3A7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771227610"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256%3A3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771227650"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256%3A9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771230433"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256%3A8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771229282"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256%3A619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771226629"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256%3A9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771226060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-compat-rhel9@sha256%3A325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771227610"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256%3Abb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771227650"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256%3A3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1771230433"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64 as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64 as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64 as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64 as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64 as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64 as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64 as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64 as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64 as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64 as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64 as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64 as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64 as a component of Network Observability (NETOBSERV) 1.11.0",
"product_id": "Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-25621",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2025-11-06T19:01:04.402278+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2413190"
}
],
"notes": [
{
"category": "description",
"text": "containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include updating system administrator permissions so the host can manually chmod the directories to not have group or world accessible permissions, or to run containerd in rootless mode.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd local privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-25621"
},
{
"category": "external",
"summary": "RHBZ#2413190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413190"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/blob/main/docs/rootless.md",
"url": "https://github.com/containerd/containerd/blob/main/docs/rootless.md"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5",
"url": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w"
}
],
"release_date": "2025-11-06T18:36:21.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T08:39:41+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
},
{
"category": "workaround",
"details": "The system administrator on the host can manually chmod the directories to not\nhave group or world accessible permissions:\n```\nchmod 700 /var/lib/containerd\nchmod 700 /run/containerd/io.containerd.grpc.v1.cri\nchmod 700 /run/containerd/io.containerd.sandbox.controller.v1.shim\n```\nAn alternative mitigation would be to run containerd in rootless mode.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd local privilege escalation"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T08:39:41+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-13465",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2026-01-21T20:01:28.774829+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: prototype pollution in _.unset and _.omit functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP component have been updated to low and moderate, respectively.\n\nThe lodash dependency is bundled and used by the pcs-web-ui component of the PCS package. In Red Hat Enterprise Linux 8.10, the pcs-web-ui component is no longer included in the PCS package. As a result, RHEL 8.10 does not ship the vulnerable lodash component within PCS and is therefore not-affected by this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "RHBZ#2431740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-01-21T19:05:28.846000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T08:39:41+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: prototype pollution in _.unset and _.omit functions"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T08:39:41+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T08:39:41+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T08:39:41+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-64329",
"cwe": {
"id": "CWE-771",
"name": "Missing Reference to Active Allocated Resource"
},
"discovery_date": "2025-11-07T05:01:08.634160+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2413299"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd. This vulnerability allows a user to exhaust memory on the host due to goroutine leaks via a bug in the CRI (Container Runtime Interface) Attach implementation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The highest threat of this vulnerability is to system availability. A flaw in containerd\u0027s CRI Attach implementation allows a user to exhaust memory on the host due to goroutine leaks, leading to a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64329"
},
{
"category": "external",
"summary": "RHBZ#2413299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413299"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64329",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64329"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df",
"url": "https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2"
}
],
"release_date": "2025-11-07T04:15:09.381000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T08:39:41+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T08:39:41+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T08:39:41+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T08:39:41+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T08:39:41+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T08:39:41+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-23745",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-16T23:01:26.508727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430538"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the node-tar library. The flaw allows an attacker to perform arbitrary file overwrite and symlink poisoning by crafting malicious tar archives. This occurs due to insufficient path sanitization of hardlink and symbolic link entries, even when the default secure behavior (preservePaths is false) is enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23745"
},
{
"category": "external",
"summary": "RHBZ#2430538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e",
"url": "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97"
}
],
"release_date": "2026-01-16T22:00:08.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T08:39:41+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T08:39:41+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
},
{
"cve": "CVE-2026-24842",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2026-01-28T01:01:16.886629+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433645"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT vulnerability in node-tar, a Node.js module for handling TAR archives. The flaw allows an attacker to bypass path traversal protections by crafting a malicious TAR archive. This could lead to the creation of hardlinks to arbitrary files outside the intended extraction directory, potentially resulting in unauthorized information disclosure or further system compromise in affected Red Hat products utilizing node-tar for archive processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24842"
},
{
"category": "external",
"summary": "RHBZ#2433645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46",
"url": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v"
}
],
"release_date": "2026-01-28T00:20:13.261000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T08:39:41+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2900"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:0c677aebfafea3f13c298396e9975da6fb392df0cef1b62df54d66b0f08376a3_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:472aaa4cabacdc52ecd2cd9d25710027612cc1c92a4a2685bf5321507028ec0d_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:9266caf90f473509cbd104e1d00b57a4695f16cf4e0be53819560821e0236461_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a852fe93a3de2a35b3f13cfa0ea0600f9518d4b97c123353eb2b4f78202e7967_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:325db5ee476d5467e24748b6a66def44ff06e91e7e0665f43a49d7df9dbc9870_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:7ed8059b6fb8ccc57c6c6aca6c826e4b45db3079cdf6d2854dec467a94fe46ab_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:a9d0f02ab4310c5a2b2026f424a07d35bcd2ab74e5f9fabba10a2514bef29545_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:4cb55d496e82d09f2a9f57f1b676d24134b1e4f817e10d4535581d4cb2728502_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:77695f611b1122150c84ee648c674037c488007684d8644a5fc420e111e447b1_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:bb0f0e05c7bb037cd07c260a8fcea50fb62cc433d8cd504c4bb065f994c359c6_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:0d23eb03050bcf371d44613a679456222b064cd3a6c17ea9a3c34f1ac7e3cbfc_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:619759fd4607dbb26e8ef0d47f50f8ec24323f0766167e4df15c51d6c31b9be7_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:e72278e61f7300880988fbac4e4e728e7f2ad14c3061ac39ece0d59a3cd5e228_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:f85ae8937c0d75a29dfe601110e5b358f8d92bb85bb43fff9bc88667ad43e4dc_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:84a41b297f620c777236b298ee3dca1656916757cfb043f96c035656f8b9c353_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8b660cd90abfe68d05668562155759079e7012448c142234ea3a37e6ee41436d_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9e495db6e28bb6e38b263557d303081ed3199039dc1e7d18c704be8b64d8dd18_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c2a7793ccbaf491a6018f3dd63b10f29e205441d1dd7ca9184b1b46f6db4b199_arm64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:6cc2706d0f934502e78d4f4585e0787a84e6751ff946568c21dbe7a87df699df_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:3180d33b433733fc469a0a8b2bf613f137eba10fd75f8bc586066d4d303a3a5f_s390x",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:5938d399221a1f7ad395ea18adf0fd5274e009f1de48114bc4d07968566b7209_amd64",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:9b5e5c68ff2fdd5ca27e34e8eda5d0e8a230eea65cdfa768a6f6643c1a35da76_ppc64le",
"Network Observability (NETOBSERV) 1.11.0:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:cfa8bd4f51b690217a305347ac412ee4efed2bdea695fa99f8f771c4f271b59c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check"
}
]
}
RHSA-2026:0261
Vulnerability from csaf_redhat - Published: 2026-01-07 18:34 - Updated: 2026-02-19 14:53Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.7.4 release.
Notes
Topic
Red Hat Developer Hub 1.7.4 has been released.
Details
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.7.4 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0261",
"url": "https://access.redhat.com/errata/RHSA-2026:0261"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-11024",
"url": "https://issues.redhat.com/browse/RHIDP-11024"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-11112",
"url": "https://issues.redhat.com/browse/RHIDP-11112"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-11115",
"url": "https://issues.redhat.com/browse/RHIDP-11115"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-11117",
"url": "https://issues.redhat.com/browse/RHIDP-11117"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-11241",
"url": "https://issues.redhat.com/browse/RHIDP-11241"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0261.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.7.4 release.",
"tracking": {
"current_release_date": "2026-02-19T14:53:11+00:00",
"generator": {
"date": "2026-02-19T14:53:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0261",
"initial_release_date": "2026-01-07T18:34:52+00:00",
"revision_history": [
{
"date": "2026-01-07T18:34:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T18:34:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T14:53:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.7",
"product": {
"name": "Red Hat Developer Hub 1.7",
"product_id": "Red Hat Developer Hub 1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.7::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.7.4-1767715042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.7.4-1767620808"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3Ae191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.7.4-1767730186"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64 as a component of Red Hat Developer Hub 1.7",
"product_id": "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64 as a component of Red Hat Developer Hub 1.7",
"product_id": "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64 as a component of Red Hat Developer Hub 1.7",
"product_id": "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T18:34:52+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T18:34:52+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T18:34:52+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0261"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVerify() function for HMAC algorithms and use user-provided data from the JSON Web Signature protected header or payload in HMAC secret lookup routines, which can allow attackers to bypass signature verification. This issue has been patched in versions 3.2.3 and 4.0.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T18:34:52+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T18:34:52+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:e191728df327f9e904c981f7f92bb2ca03fc4555094e0f53b12d86a367831b7b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
}
]
}
RHSA-2025:22941
Vulnerability from csaf_redhat - Published: 2025-12-09 15:24 - Updated: 2026-02-19 14:50Summary
Red Hat Security Advisory: Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2
Notes
Topic
Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2
Details
Kiali 2.17.2, for Red Hat OpenShift Service Mesh 3.2, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.
Security Fix(es):
* kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)
* kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)
* kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)
* kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.17.2, for Red Hat OpenShift Service Mesh 3.2, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)\n\n* kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)\n\n* kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)\n\n* kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22941",
"url": "https://access.redhat.com/errata/RHSA-2025:22941"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-64756",
"url": "https://access.redhat.com/security/cve/cve-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-66031",
"url": "https://access.redhat.com/security/cve/cve-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-12816",
"url": "https://access.redhat.com/security/cve/cve-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22941.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2",
"tracking": {
"current_release_date": "2026-02-19T14:50:23+00:00",
"generator": {
"date": "2026-02-19T14:50:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2025:22941",
"initial_release_date": "2025-12-09T15:24:58+00:00",
"revision_history": [
{
"date": "2025-12-09T15:24:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-12T21:35:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T14:50:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.2",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764836459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-operator-bundle@sha256%3A35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764846196"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9-operator@sha256%3A9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764756143"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764788140"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764836459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9-operator@sha256%3A682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764756143"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764788140"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764836459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9-operator@sha256%3A2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764756143"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764788140"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764836459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9-operator@sha256%3A9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764756143"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.17.2-1764788140"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T15:24:58+00:00",
"details": "See Kiali 2.17.2 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22941"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T15:24:58+00:00",
"details": "See Kiali 2.17.2 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22941"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T15:24:58+00:00",
"details": "See Kiali 2.17.2 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22941"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
}
]
}
RHSA-2026:1730
Vulnerability from csaf_redhat - Published: 2026-02-02 15:52 - Updated: 2026-02-19 17:40Summary
Red Hat Security Advisory: Red Hat Quay 3.12.13
Notes
Topic
Red Hat Quay 3.12.13 is now available with bug fixes.
Details
Quay 3.12.13
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.12.13 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.12.13",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1730",
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1730.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.12.13",
"tracking": {
"current_release_date": "2026-02-19T17:40:59+00:00",
"generator": {
"date": "2026-02-19T17:40:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1730",
"initial_release_date": "2026-02-02T15:52:56+00:00",
"revision_history": [
{
"date": "2026-02-02T15:52:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-02T15:52:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T17:40:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.12",
"product": {
"name": "Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3Ad6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769802588"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769466677"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Aedc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769810760"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Acc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769810112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Acd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769812327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Af2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769811895"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769718571"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769855900"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Af5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769000026"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769852013"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769466677"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769810112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Aed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769812327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769811895"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769718571"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769000026"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769852013"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769466677"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769810112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769812327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769811895"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769718571"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769000026"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ae82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769852013"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769466677"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ae8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769810112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Aa1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769812327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769811895"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769718571"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Af2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769000026"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Af58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769852013"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVerify() function for HMAC algorithms and use user-provided data from the JSON Web Signature protected header or payload in HMAC secret lookup routines, which can allow attackers to bypass signature verification. This issue has been patched in versions 3.2.3 and 4.0.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
}
]
}
RHSA-2025:22861
Vulnerability from csaf_redhat - Published: 2025-12-08 15:17 - Updated: 2026-02-18 08:48Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.8.1 release.
Notes
Topic
Red Hat Developer Hub 1.8.1 has been released.
Details
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.8.1 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22861",
"url": "https://access.redhat.com/errata/RHSA-2025:22861"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-60542",
"url": "https://access.redhat.com/security/cve/CVE-2025-60542"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-11025",
"url": "https://issues.redhat.com/browse/RHIDP-11025"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-9743",
"url": "https://issues.redhat.com/browse/RHIDP-9743"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22861.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.8.1 release.",
"tracking": {
"current_release_date": "2026-02-18T08:48:00+00:00",
"generator": {
"date": "2026-02-18T08:48:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2025:22861",
"initial_release_date": "2025-12-08T15:17:40+00:00",
"revision_history": [
{
"date": "2025-12-08T15:17:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-08T15:17:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-18T08:48:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.8",
"product": {
"name": "Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.8::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.8.1-1764857949"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.8.1-1764708361"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3A8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.8.1-1764862616"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-60542",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2025-10-29T16:01:34.709224+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407114"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in TypeORM. When used with MySQL/mysql2 drivers, the repository.save or repository.update methods incorrectly handle nested JSON objects. This is due to an underlying setting (stringifyObjects: false) that allows an attacker to craft a malicious JSON payload and cause a SQL injection flaw, leading to a bypass of field-level restrictions, modification of columns in the database and potentially to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "TypeORM: SQL Injection via crafted request to repository.save or repository.update",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An attacker able to send a specially crafted JSON payload to an application using the repository.save or repository.update methods can exploit this vulnerability. Additionally, the stringifyObjects option used by TypeORM is set to false by default, increasing the exposure of this issue. Due to these reasons, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-60542"
},
{
"category": "external",
"summary": "RHBZ#2407114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407114"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-60542",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60542"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-60542",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60542"
},
{
"category": "external",
"summary": "https://github.com/typeorm/typeorm/pull/11574",
"url": "https://github.com/typeorm/typeorm/pull/11574"
},
{
"category": "external",
"summary": "https://github.com/typeorm/typeorm/releases/tag/0.3.26",
"url": "https://github.com/typeorm/typeorm/releases/tag/0.3.26"
},
{
"category": "external",
"summary": "https://github.com/typeorm/typeorm/releases?q=security\u0026expanded=true",
"url": "https://github.com/typeorm/typeorm/releases?q=security\u0026expanded=true"
},
{
"category": "external",
"summary": "https://medium.com/@alizada.cavad/cve-2025-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453",
"url": "https://medium.com/@alizada.cavad/cve-2025-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453"
}
],
"release_date": "2025-10-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-08T15:17:40+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22861"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "TypeORM: SQL Injection via crafted request to repository.save or repository.update"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-08T15:17:40+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22861"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
}
]
}
RHSA-2026:2456
Vulnerability from csaf_redhat - Published: 2026-02-10 17:06 - Updated: 2026-02-19 17:41Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.26.0 Release.
Notes
Topic
Red Hat OpenShift Dev Spaces 3.26.0 has been released.
Details
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.26 release is based on Eclipse Che 7.113 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces supports OpenShift EUS releases v4.16 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#crw
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.26.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\nThe 3.26 release is based on Eclipse Che 7.113 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\nUsers still using the v1 standard should migrate as soon as possible.\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\nDev Spaces supports OpenShift EUS releases v4.16 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates.\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2456",
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.26/html/administration_guide/installing-devspaces",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.26/html/administration_guide/installing-devspaces"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-25621",
"url": "https://access.redhat.com/security/cve/CVE-2024-25621"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66490",
"url": "https://access.redhat.com/security/cve/CVE-2025-66490"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22029",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2456.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.26.0 Release.",
"tracking": {
"current_release_date": "2026-02-19T17:41:18+00:00",
"generator": {
"date": "2026-02-19T17:41:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2456",
"initial_release_date": "2026-02-10T17:06:01+00:00",
"revision_history": [
{
"date": "2026-02-10T17:06:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-10T17:06:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T17:41:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product": {
"name": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3.26::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces (RHOSDS)"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769804221"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769791331"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Ae0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769595755"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Aba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769685154"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769539518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770052193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"product": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"product_id": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256%3A65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769466457"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Ab709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769691754"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Afd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769797105"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256%3Ac72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770186534"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769869786"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769680738"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3Ae8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769638073"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770164598"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Acc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770046359"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Acc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770162394"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769804221"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Ac4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769791331"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769595755"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769685154"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769539518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770052193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"product": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"product_id": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256%3A5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769466457"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Affe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769691754"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769797105"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Afd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769869786"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769680738"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769638073"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Af592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770164598"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Aa05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770046359"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770162394"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3Aaa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769804221"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Aeaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769791331"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Af818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769595755"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769685154"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769539518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770052193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"product_id": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256%3Abe63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769466457"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Ade30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769691754"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Abc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769797105"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769869786"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769680738"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769638073"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Ab520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770164598"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770046359"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Ab998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770162394"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3Aa85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769804221"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Ae2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769791331"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769595755"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769685154"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769539518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770052193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"product": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"product_id": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256%3Ac06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769466457"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769691754"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Ab8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769797105"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Abc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769869786"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769680738"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1769638073"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Ada6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770164598"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Ab4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770046359"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770162394"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x"
},
"product_reference": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64"
},
"product_reference": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64"
},
"product_reference": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-25621",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2025-11-06T19:01:04.402278+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2413190"
}
],
"notes": [
{
"category": "description",
"text": "containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include updating system administrator permissions so the host can manually chmod the directories to not have group or world accessible permissions, or to run containerd in rootless mode.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd local privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-25621"
},
{
"category": "external",
"summary": "RHBZ#2413190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413190"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/blob/main/docs/rootless.md",
"url": "https://github.com/containerd/containerd/blob/main/docs/rootless.md"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5",
"url": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w"
}
],
"release_date": "2025-11-06T18:36:21.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T17:06:01+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
},
{
"category": "workaround",
"details": "The system administrator on the host can manually chmod the directories to not\nhave group or world accessible permissions:\n```\nchmod 700 /var/lib/containerd\nchmod 700 /run/containerd/io.containerd.grpc.v1.cri\nchmod 700 /run/containerd/io.containerd.sandbox.controller.v1.shim\n```\nAn alternative mitigation would be to run containerd in rootless mode.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd local privilege escalation"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T17:06:01+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T17:06:01+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T17:06:01+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T17:06:01+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T17:06:01+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T17:06:01+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVerify() function for HMAC algorithms and use user-provided data from the JSON Web Signature protected header or payload in HMAC secret lookup routines, which can allow attackers to bypass signature verification. This issue has been patched in versions 3.2.3 and 4.0.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T17:06:01+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T17:06:01+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T17:06:01+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T17:06:01+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-66490",
"cwe": {
"id": "CWE-436",
"name": "Interpretation Conflict"
},
"discovery_date": "2025-12-09T01:06:39.573043+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420301"
}
],
"notes": [
{
"category": "description",
"text": "Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted characters (/, \\, Null, ;, ?, #) can bypass the middleware chain and reach unintended backends. For example, a request to http://mydomain.example.com/admin%2F could reach service-a without triggering my-security-middleware, bypassing security controls for the /admin/ path. This issue is fixed in versions 2.11.32 and 3.6.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/traefik/traefik: Traefik Path Normalization Bypass in Router + Middleware Rules",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66490"
},
{
"category": "external",
"summary": "RHBZ#2420301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420301"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66490",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66490"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66490",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66490"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.32",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.32"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.6.4",
"url": "https://github.com/traefik/traefik/releases/tag/v3.6.4"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-gm3x-23wp-hc2c",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-gm3x-23wp-hc2c"
}
],
"release_date": "2025-12-09T00:35:26.530000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T17:06:01+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/traefik/traefik: Traefik Path Normalization Bypass in Router + Middleware Rules"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T17:06:01+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-22029",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-01-10T04:01:03.694749+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428412"
}
],
"notes": [
{
"category": "description",
"text": "React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "RHBZ#2428412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
}
],
"release_date": "2026-01-10T02:42:32.736000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T17:06:01+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:772af8d40b674ce306850d3ecf2b70b39bdceaf9e045a2db9299c0dd8bd5e6b5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a85afca6643f11c1e0d3976d5e679cea06d85675a5859e7e08611139f2450520_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:aa1d96a9c1d9dbf2fe077748807de1e047a17a942a87688c269aa60537b5c6d4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:51c627941a630d042202df9fbb0be4c289c3c2b4047092d350f564ea9815c55e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:c4339b180ab8f5fc5ea656c6d604ad1342e329557be4fe83f7747e7b30327908_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e2c1df1a1bc028158873b636f8b0341090b7f5211d74d0143c39b3b1f9d36472_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:eaf02961dff765751f8b0f14dbc928401faa0fa60c0ee0bf340ed814509794fc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:1a4accefcf3c48a44818e9126cdb893d469c93b2f058ce3cff6195d823d9e6c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:8608f41d9887eb5fea9df4b9c273fea3512c3ad492bbf8e542e6369db15be680_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:e0e7e2242127555100372896dee91fb69dd1a2fdbcce8473a1c343fc6b0b838d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:f818d47a01fd77940943b79133d1c7bf053359c72832e0df61397847af43f6e7_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7705755155844d580db7d2ce942bb095545f465be7a091bc14598f5ae83c0301_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:998779815c5a7888b80f635b942a7409733a839f4c7253a7b5ff920129f987ea_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ba7fc29722ef40b1565978c1f578786ccb65752bc82f50b794f3c5ab0c789d2a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:c72b135ccb51663313a9ed55dc5d46af1fbc2476c0243a523ce531262cb82acf_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:8935901859ad9b07689de3d9ea602adf21bcbd2105cedba83503296230b4adad_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b8ae475ea425efb5d30d2c23cd789ee993ee7e5026ed5c892106512351aee416_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:bc60ec1ad66c342f632d32a64012cae3c4426f54bf08578d60d25a68c31b02cd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:fd35a91b2542252bcd695cd7d02727e8a1c593f1c9a9ec88da92d5d797b17bc5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0f87d0637586a8d1aedb84b266f9781af80f63c1342b3951559aa18343825993_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2efc89cc392a8fdb0d2a493aa7cb0d5a6e3cc5efe19054181befe452f293ea59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:43368b4815eea7a9b1b6a33b061af43f521810efc1c102df0426796e431d0add_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:454566dfa4c035a67f5e4d5ed19289d1c97f2546ee06ef587aff36b3f2cdadee_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4e83ac026653a09abe7f783844617502298f45d4f12cb46445ad8d27722eed42_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:55e7a74a6e435a77cbdeee2d8d333f830d47c52449a27770310f010c4c4c6dd1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6a70faa18a51c05328cba689acd2cef1f248ba4d9f78802f3bdc4aff4183d521_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:819f3c80c8241446239d783d01e9a65e3448427a683dbaa5b91ba859329cdbd2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:5295d0aa61988b2722c9171a0c0f7a61e749479979746355861d0c8b6c2b58a8_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:65d7c3ada0b4c4fdfb576f5fbbc8b75264c26a4baabdbbaf2197e05186b6bdd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:be63fdd87b11d550dbd8cef2b74cbf843ed778365d877684e8525c9b017f3a50_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:c06a36be7e7392da6fcdbdbf79bf704852be05ac7bc094cc63355180b05ed9ba_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b709ca92a102d77f8a090e1503877e12dc24bbd6e91c0205d8402ad3a9c365e9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:de30783c5550d7dc3ebd71507ce41e4a6f6209663299453aaf35b73f17d161d8_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:ffe5740d684ac4a1b6c440bb4d2ca3ec20d71c008e65fa73f5143c43a7bda339_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:870546a61219ce727b59586e31edb8cbc653ce72264b23a89a916d04a0627fe0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:bc68ad64665acf9c4807bb4f4ae920da7c2a82716c8bc151bd269a4f234fc69e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fd2925764c63cf6ee7cb92dab59cc8f6f696f628e4676b37297dab95aa0187f1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:1a1e372643b7eeabd4acda8b440173ef83087b453a89f554b4c1c006c7a796c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:377caaaff59c843357600332c63278fa019eacec2a60567725dd149e98d6d3fb_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:4983729652072e885f84298af878c72f757bfb1e820dbb9ee4ad2494a6bd0f48_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:60460d63a971f7f129f97f1d73f8f577565d82a5f8d476e19b249b6e543dee0b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:0f0dbdab221c9ea50603b8a48ed61b2e322dc4dc03028611bcb120ea7bc32a81_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:3f001b01ff331475bc37556515ecab11699f54560d33caa8f45e84cb8ff91410_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8d7f9a00fd74530f30b15e62db3d3c7096a04a6e68e28ca1ba04eae538034f93_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:e8da554ed086a4ac5fcbe6ad7797f1f36c965aae3bbb75c2fd446b9dfa1d5592_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:7335ec3e28a4f9e88f03df6ad4b245f6ffc3e0b79aa1c5072f5cf27bbd0dbb17_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a05ebcc4507fd1c7d47254f6dc9b94a7fd1c0868f17e51cfe6e310f763e9baba_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b4770ac4b68c340a5efa523751761b725ddfb38d25cf129e2a978f6e3774e7c2_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc2df284c22698278472a3cb0b748b797097bacf72e24a13f98c8cd9643452d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:10da53d4e0216c034f57c990d1569c25558f68e65b7fc07e18b3e6be89490162_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:276782b304e7f31d1e846f6acc5caeda45055adb8630d1605ad4ec55431ef6ec_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b998742f17f56c16942062d11d4f7f62181703f4be20db6fa807a35d016cd7da_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:2966ebf5a1744c8bebae6c03efc4685aa8db9de84138fe95a63ad721a42ae06a_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:b520d66efc293127d9f0478eff66e2ddc6830f3b7d6ced0abe931792022a3f70_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f592ddd74feb260b51087e6555b6e7e42e61dc12a87475e3aa3b7729e33fcf93_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects"
}
]
}
RHSA-2025:22936
Vulnerability from csaf_redhat - Published: 2025-12-09 14:58 - Updated: 2026-02-19 14:50Summary
Red Hat Security Advisory: Kiali 1.73.25 for Red Hat OpenShift Service Mesh 2.6
Notes
Topic
Kiali 1.73.25 for Red Hat OpenShift Service Mesh 2.6
Details
Kiali 1.73.25, for Red Hat OpenShift Service Mesh 2.6, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently
Security Fix(es):
* kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)
* kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)
* kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)
* kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 1.73.25 for Red Hat OpenShift Service Mesh 2.6",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 1.73.25, for Red Hat OpenShift Service Mesh 2.6, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)\n\n* kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)\n\n* kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)\n\n* kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22936",
"url": "https://access.redhat.com/errata/RHSA-2025:22936"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-64756",
"url": "https://access.redhat.com/security/cve/cve-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-66031",
"url": "https://access.redhat.com/security/cve/cve-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-12816",
"url": "https://access.redhat.com/security/cve/cve-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22936.json"
}
],
"title": "Red Hat Security Advisory: Kiali 1.73.25 for Red Hat OpenShift Service Mesh 2.6",
"tracking": {
"current_release_date": "2026-02-19T14:50:21+00:00",
"generator": {
"date": "2026-02-19T14:50:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2025:22936",
"initial_release_date": "2025-12-09T14:58:58+00:00",
"revision_history": [
{
"date": "2025-12-09T14:58:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-12T21:35:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T14:50:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 2.6",
"product": {
"name": "Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3Aadd09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1.73.25-1764836020"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Aecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1.73.25-1764836138"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1.73.25-1764836020"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1.73.25-1764836138"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3Aaccf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1.73.25-1764836020"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Aab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1.73.25-1764836138"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1.73.25-1764836020"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Ac34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1.73.25-1764836138"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T14:58:58+00:00",
"details": "See Kiali 1.73.25 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22936"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T14:58:58+00:00",
"details": "See Kiali 1.73.25 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22936"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T14:58:58+00:00",
"details": "See Kiali 1.73.25 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22936"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
}
]
}
RHSA-2025:22937
Vulnerability from csaf_redhat - Published: 2025-12-09 14:59 - Updated: 2026-02-19 14:50Summary
Red Hat Security Advisory: Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0
Notes
Topic
Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0
Details
Kiali 2.4.11, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently
Security Fix(es):
* kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)
* kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)
* kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)
* kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.4.11, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)\n\n* kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)\n\n* kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)\n\n* kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22937",
"url": "https://access.redhat.com/errata/RHSA-2025:22937"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-64756",
"url": "https://access.redhat.com/security/cve/cve-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-66031",
"url": "https://access.redhat.com/security/cve/cve-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-12816",
"url": "https://access.redhat.com/security/cve/cve-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22937.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0",
"tracking": {
"current_release_date": "2026-02-19T14:50:23+00:00",
"generator": {
"date": "2026-02-19T14:50:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2025:22937",
"initial_release_date": "2025-12-09T14:59:02+00:00",
"revision_history": [
{
"date": "2025-12-09T14:59:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-12T21:35:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T14:50:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.0",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A76d016722febb26186803476d1479339130eb5911299b01955e5449488910447?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.11-1764836335"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.11-1764844423"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.11-1764836335"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Aa529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.11-1764844423"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Ac012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.11-1764836335"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.11-1764844423"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.11-1764836335"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ae00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=2.4.11-1764844423"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T14:59:02+00:00",
"details": "See Kiali 2.4.11 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22937"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T14:59:02+00:00",
"details": "See Kiali 2.4.11 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22937"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T14:59:02+00:00",
"details": "See Kiali 2.4.11 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22937"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:284ba4bea2d340c325d183b866efb72527d297ab6c866b7b18c9e82af43d6af3_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7e2b22107128f05f40773095ae2b01ae6c65df0539677ea0d5b8f90c7f907f98_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:a529baf5f8aef4932058b377ded468cc291c1c04a326c8e1d6275ad0bde495a2_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e00f3b28e62c2ac90d836d7673183b1b391b76ce1b272861e49571f345cfa6a4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:76d016722febb26186803476d1479339130eb5911299b01955e5449488910447_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8d99058fce52a3208855359c8c1d2e90b010145dac3403177791925471005a1e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ab887b31e9d45ef89acd26b0d2bd9aeb5fc7c87d0f296d605ed9fa5d8c6a50e_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c012e5fdf21c90d8d504164ddec9b294c5c347df078049fcd4e20a9ebe2f76cc_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
}
]
}
RHSA-2026:2737
Vulnerability from csaf_redhat - Published: 2026-02-16 12:56 - Updated: 2026-02-19 16:09Summary
Red Hat Security Advisory: Red Hat Ceph Storage
Notes
Topic
A new version of Red Hat build of Ceph Storage has been released
Details
The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 8.1.
This release updates to the latest version.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat build of Ceph Storage has been released",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 8.1.\nThis release updates to the latest version.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2737",
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2019-10790",
"url": "https://access.redhat.com/security/cve/CVE-2019-10790"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-23358",
"url": "https://access.redhat.com/security/cve/CVE-2021-23358"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-34749",
"url": "https://access.redhat.com/security/cve/CVE-2022-34749"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-31884",
"url": "https://access.redhat.com/security/cve/CVE-2024-31884"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-51744",
"url": "https://access.redhat.com/security/cve/CVE-2024-51744"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-55565",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-14104",
"url": "https://access.redhat.com/security/cve/CVE-2025-14104"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-26791",
"url": "https://access.redhat.com/security/cve/CVE-2025-26791"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47907",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47913",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6176",
"url": "https://access.redhat.com/security/cve/CVE-2025-6176"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68429",
"url": "https://access.redhat.com/security/cve/CVE-2025-68429"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7783",
"url": "https://access.redhat.com/security/cve/CVE-2025-7783"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/",
"url": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2737.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ceph Storage",
"tracking": {
"current_release_date": "2026-02-19T16:09:30+00:00",
"generator": {
"date": "2026-02-19T16:09:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2737",
"initial_release_date": "2026-02-16T12:56:05+00:00",
"revision_history": [
{
"date": "2026-02-16T12:56:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-16T12:56:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-19T16:09:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 8",
"product": {
"name": "Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:8::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3Ab219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770630607"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770631713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3Af00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632172"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770631941"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3Abf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770630907"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632233"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770630607"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3Ae856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770631713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632172"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Afe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770631941"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3A2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770630907"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3Af31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632233"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770630607"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3Aedb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770631713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3Aad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632172"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770631941"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3Ac571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770630907"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632233"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3Aeca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770630607"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770631713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632172"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Ad287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770631941"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3Aecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770630907"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3Ad19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632233"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10790",
"discovery_date": "2025-08-20T22:37:38.151000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2389970"
}
],
"notes": [
{
"category": "description",
"text": "taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "taffy: taffydb: Internal Property Tampering",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10790"
},
{
"category": "external",
"summary": "RHBZ#2389970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10790",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10790"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450",
"url": "https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-TAFFY-546521",
"url": "https://snyk.io/vuln/SNYK-JS-TAFFY-546521"
},
{
"category": "external",
"summary": "https://www.usenix.org/system/files/sec21-xiao.pdf",
"url": "https://www.usenix.org/system/files/sec21-xiao.pdf"
}
],
"release_date": "2020-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "taffy: taffydb: Internal Property Tampering"
},
{
"cve": "CVE-2021-23358",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-03-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944286"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-underscore: Arbitrary code execution via the template function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Whilst the OpenShift Container Platform (OCP) openshift4/ose-grafana and openshift3/grafana as well as console, grc-ui and search-ui containers for Red Hat Advanced Management for Kubernetes (RHACM) include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Additionally this library is used in openshift4/ose-grafana container only in Grafana End-to-End Test package. Therefore the impact by this flaw is reduced to Low and the affected OCP components are marked as \"will not fix\" at this time and to Moderate for the affected RHACM components. This might be fixed in a future release.\n\nRed Hat Enterprise Virtualization includes the vulnerable underscore library, however it is not parsing any untrusted data, therefore impact is reduced to Low.\n\nBelow Red Hat products include the underscore dependency, but it is not used by the product and hence this issue has been rated as having a security impact of Low.\n\n* Red Hat Quay\n* Red Hat Gluster Storage 3\n* Red Hat OpenShift Container Storage 4\n* Red Hat Ceph Storage 3 and 4",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23358"
},
{
"category": "external",
"summary": "RHBZ#1944286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358"
}
],
"release_date": "2021-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs-underscore: Arbitrary code execution via the template function"
},
{
"cve": "CVE-2022-34749",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2022-07-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2112230"
}
],
"notes": [
{
"category": "description",
"text": "A regular expression denial of service (ReDoS) flaw was found in the asteris emphasis regular expression implementation in Mistune. By sending specially-crafted regex input, a remote attacker could invoke a catastrophic backtrack, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mistune: catastrophic backtracking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-34749"
},
{
"category": "external",
"summary": "RHBZ#2112230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112230"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-34749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34749"
},
{
"category": "external",
"summary": "https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2",
"url": "https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2"
}
],
"release_date": "2022-07-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mistune: catastrophic backtracking"
},
{
"acknowledgments": [
{
"names": [
"Martin Schobert"
]
}
],
"cve": "CVE-2024-31884",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2025-08-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2389907"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pybind: Improper use of Pybind",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-31884"
},
{
"category": "external",
"summary": "RHBZ#2389907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-31884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31884"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-31884",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31884"
}
],
"release_date": "2026-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pybind: Improper use of Pybind"
},
{
"cve": "CVE-2024-51744",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"discovery_date": "2024-11-04T22:01:08.655905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang-jwt package. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they can miss the embedded `jwt.ErrTokenSignatureInvalid`, and thus, potentially accept invalid tokens.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-51744"
},
{
"category": "external",
"summary": "RHBZ#2323735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-51744",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51744"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c",
"url": "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r",
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r"
}
],
"release_date": "2024-11-04T21:47:12.170000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt"
},
{
"cve": "CVE-2024-55565",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-12-09T02:00:45.255738+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331063"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nanoid. Affected versions of nanoid mishandles non-integer values. When nanoid is called with a fractional value, there were a number of undesirable effects:\n\n- In browser and non-secure, the code infinite loops on while (size--)\n- In node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled: when i is initialized to poolOffset, pool[i] \u0026 63 -\u003e undefined \u0026 63 -\u003e 0\n- If the first call in node is a fractional argument, the initial buffer allocation fails with an error\n\nThe highest impact of this issue system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nanoid: nanoid mishandles non-integer values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "RHBZ#2331063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331063"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8",
"url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/pull/510",
"url": "https://github.com/ai/nanoid/pull/510"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/releases/tag/5.0.9",
"url": "https://github.com/ai/nanoid/releases/tag/5.0.9"
}
],
"release_date": "2024-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nanoid: nanoid mishandles non-integer values"
},
{
"cve": "CVE-2025-6176",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-31T01:00:56.408048+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408762"
}
],
"notes": [
{
"category": "description",
"text": "Scrapy are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The flaw in Scrapy\u0027s brotli decompression implementation allows remote attackers to trigger a denial of service by sending specially crafted brotli-compressed data. This can lead to excessive memory consumption and system instability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6176"
},
{
"category": "external",
"summary": "RHBZ#2408762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0",
"url": "https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0"
}
],
"release_date": "2025-10-31T00:00:21.219000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS"
},
{
"cve": "CVE-2025-7783",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-07-18T17:00:43.396637+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2381959"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability related to predictable random number generation has been discovered in the form-data JavaScript library. The library utilizes Math.random() to determine boundary values for multipart form-encoded data.\n\nThis presents a security risk if an attacker can observe other values generated by Math.random() within the target application and simultaneously control at least one field of a request made using form-data. Under these conditions, the attacker could potentially predict or determine the boundary values. This predictability could be leveraged to bypass security controls, manipulate form data, or potentially lead to data integrity issues or other forms of exploitation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "form-data: Unsafe random function in form-data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not affect host systems. The impact of this vulnerability is limited to specific applications which integrate the `form-data` library. As a result the impact of this CVE is limited on RedHat systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7783"
},
{
"category": "external",
"summary": "RHBZ#2381959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7783"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0",
"url": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4",
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4"
}
],
"release_date": "2025-07-18T16:34:44.889000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "form-data: Unsafe random function in form-data"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-14104",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-05T14:16:36.004000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419369"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14104"
},
{
"category": "external",
"summary": "RHBZ#2419369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104"
}
],
"release_date": "2025-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames"
},
{
"cve": "CVE-2025-26791",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-02-14T09:00:45.578144+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2345695"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting (mXSS) via an incorrect template literal regular expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-26791"
},
{
"category": "external",
"summary": "RHBZ#2345695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791"
},
{
"category": "external",
"summary": "https://ensy.zip/posts/dompurify-323-bypass/",
"url": "https://ensy.zip/posts/dompurify-323-bypass/"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02",
"url": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4",
"url": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4"
},
{
"category": "external",
"summary": "https://nsysean.github.io/posts/dompurify-323-bypass/",
"url": "https://nsysean.github.io/posts/dompurify-323-bypass/"
}
],
"release_date": "2025-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling"
},
{
"cve": "CVE-2025-47907",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2025-08-07T16:01:06.247481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387083"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "database/sql: Postgres Scan Race Condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Moderate severity issues rather than Important. The os/exec LookPath flaw requires a misconfigured PATH to be exploitable, and the database/sql race condition primarily impacts applications that cancel queries while running multiple queries concurrently. Both can cause unexpected behavior, but the exploitation scope is limited and unlikely to result in direct compromise in most typical deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "RHBZ#2387083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://go.dev/cl/693735",
"url": "https://go.dev/cl/693735"
},
{
"category": "external",
"summary": "https://go.dev/issue/74831",
"url": "https://go.dev/issue/74831"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3849",
"url": "https://pkg.go.dev/vuln/GO-2025-3849"
}
],
"release_date": "2025-08-07T15:25:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "database/sql: Postgres Scan Race Condition"
},
{
"cve": "CVE-2025-47913",
"discovery_date": "2025-11-13T22:01:26.092452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "RHBZ#2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
"url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
},
{
"category": "external",
"summary": "https://go.dev/cl/700295",
"url": "https://go.dev/cl/700295"
},
{
"category": "external",
"summary": "https://go.dev/issue/75178",
"url": "https://go.dev/issue/75178"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4116",
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"release_date": "2025-11-13T21:29:39.907000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-68429",
"cwe": {
"id": "CWE-538",
"name": "Insertion of Sensitive Information into Externally-Accessible File or Directory"
},
"discovery_date": "2025-12-17T23:03:29.948214+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2423460"
}
],
"notes": [
{
"category": "description",
"text": "Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior to versions 7.6.21, 8.6.15, 9.1.17, and 10.1.10 relates to Storybook\u2019s handling of environment variables defined in a `.env` file, which could, in specific circumstances, lead to those variables being unexpectedly bundled into the artifacts created by the `storybook build` command. When a built Storybook is published to the web, the bundle\u2019s source is viewable, thus potentially exposing those variables to anyone with access. For a project to potentially be vulnerable to this issue, it must build the Storybook (i.e. run `storybook build` directly or indirectly) in a directory that contains a `.env` file (including variants like `.env.local`) and publish the built Storybook to the web. Storybooks built without a `.env` file at build time are not affected, including common CI-based builds where secrets are provided via platform environment variables rather than `.env` files. Storybook runtime environments (i.e. `storybook dev`) are not affected. Deployed applications that share a repo with your Storybook are not affected. Users should upgrade their Storybook\u2014on both their local machines and CI environment\u2014to version .6.21, 8.6.15, 9.1.17, or 10.1.10 as soon as possible. Maintainers additionally recommend that users audit for any sensitive secrets provided via `.env` files and rotate those keys. Some projects may have been relying on the undocumented behavior at the heart of this issue and will need to change how they reference environment variables after this update. If a project can no longer read necessary environmental variable values, either prefix the variables with `STORYBOOK_` or use the `env` property in Storybook\u2019s configuration to manually specify values. In either case, do not include sensitive secrets as they will be included in the built bundle.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Storybook: Storybook: Information disclosure via unexpected bundling of environment variables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as it can lead to the unintended exposure of sensitive environment variables. This occurs when a Storybook project is built using the `storybook build` command in a directory containing a `.env` file, and the resulting bundle is subsequently published to a web-accessible location. Storybook instances built without `.env` files or run in development mode (`storybook dev`) are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68429"
},
{
"category": "external",
"summary": "RHBZ#2423460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68429"
},
{
"category": "external",
"summary": "https://github.com/storybookjs/storybook/security/advisories/GHSA-8452-54wp-rmv6",
"url": "https://github.com/storybookjs/storybook/security/advisories/GHSA-8452-54wp-rmv6"
},
{
"category": "external",
"summary": "https://storybook.js.org/blog/security-advisory",
"url": "https://storybook.js.org/blog/security-advisory"
}
],
"release_date": "2025-12-17T22:26:55.732000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Storybook: Storybook: Information disclosure via unexpected bundling of environment variables"
}
]
}
RHSA-2026:1248
Vulnerability from csaf_redhat - Published: 2026-01-26 18:31 - Updated: 2026-02-18 08:48Summary
Red Hat Security Advisory: MTV RHEL9 Images
Notes
Topic
Updated Release packages that fix several bugs and add various enhancements are now available.
Details
Migration Toolkit for Virtualization Images
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Release packages that fix several bugs and add various enhancements are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Migration Toolkit for Virtualization Images",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1248",
"url": "https://access.redhat.com/errata/RHSA-2026:1248"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/migration_toolkit_for_virtualization",
"url": "https://docs.redhat.com/en/documentation/migration_toolkit_for_virtualization"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1248.json"
}
],
"title": "Red Hat Security Advisory: MTV RHEL9 Images",
"tracking": {
"current_release_date": "2026-02-18T08:48:53+00:00",
"generator": {
"date": "2026-02-18T08:48:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1248",
"initial_release_date": "2026-01-26T18:31:11+00:00",
"revision_history": [
{
"date": "2026-01-26T18:31:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-26T18:31:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-18T08:48:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Migration Toolkit for Virtualization 2.9",
"product": {
"name": "Migration Toolkit for Virtualization 2.9",
"product_id": "Migration Toolkit for Virtualization 2.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.9::el9"
}
}
}
],
"category": "product_family",
"name": "Migration Toolkit for Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9@sha256:487ad1c29aa180f6f76a74b87c285363aedcf87dadf00bde599a2ebf3790156d_amd64",
"product": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9@sha256:487ad1c29aa180f6f76a74b87c285363aedcf87dadf00bde599a2ebf3790156d_amd64",
"product_id": "registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9@sha256:487ad1c29aa180f6f76a74b87c285363aedcf87dadf00bde599a2ebf3790156d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-api-rhel9@sha256%3A487ad1c29aa180f6f76a74b87c285363aedcf87dadf00bde599a2ebf3790156d?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization\u0026tag=1769034087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:5d385ba67a8d8158790da4511586c190a24a194e2ccb10fcb7182b658a59c624_amd64",
"product": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:5d385ba67a8d8158790da4511586c190a24a194e2ccb10fcb7182b658a59c624_amd64",
"product_id": "registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:5d385ba67a8d8158790da4511586c190a24a194e2ccb10fcb7182b658a59c624_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-console-plugin-rhel9@sha256%3A5d385ba67a8d8158790da4511586c190a24a194e2ccb10fcb7182b658a59c624?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization\u0026tag=1769034026"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9@sha256:14619f0de60c7891791301fb7e76c047568d0e88b6013e2023bf1a7fbae71a32_amd64",
"product": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9@sha256:14619f0de60c7891791301fb7e76c047568d0e88b6013e2023bf1a7fbae71a32_amd64",
"product_id": "registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9@sha256:14619f0de60c7891791301fb7e76c047568d0e88b6013e2023bf1a7fbae71a32_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-controller-rhel9@sha256%3A14619f0de60c7891791301fb7e76c047568d0e88b6013e2023bf1a7fbae71a32?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization\u0026tag=1769034081"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-rhel9-operator@sha256:b2493c389b48661df00e07d78f5af247f7a8254b88ed0d2cf6c29813bb63d802_amd64",
"product": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-rhel9-operator@sha256:b2493c389b48661df00e07d78f5af247f7a8254b88ed0d2cf6c29813bb63d802_amd64",
"product_id": "registry.redhat.io/migration-toolkit-virtualization/mtv-rhel9-operator@sha256:b2493c389b48661df00e07d78f5af247f7a8254b88ed0d2cf6c29813bb63d802_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-rhel9-operator@sha256%3Ab2493c389b48661df00e07d78f5af247f7a8254b88ed0d2cf6c29813bb63d802?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization\u0026tag=1769034053"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle@sha256:f744b3832d6f2232b9dd605ff0ca8934acf279e8f065150d0a170104b290271e_amd64",
"product": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle@sha256:f744b3832d6f2232b9dd605ff0ca8934acf279e8f065150d0a170104b290271e_amd64",
"product_id": "registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle@sha256:f744b3832d6f2232b9dd605ff0ca8934acf279e8f065150d0a170104b290271e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-operator-bundle@sha256%3Af744b3832d6f2232b9dd605ff0ca8934acf279e8f065150d0a170104b290271e?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization\u0026tag=1769035163"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:22534de48fae928bfce581b6d893318c94530646d9bebf05b280abfcd1bed7dc_amd64",
"product": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:22534de48fae928bfce581b6d893318c94530646d9bebf05b280abfcd1bed7dc_amd64",
"product_id": "registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:22534de48fae928bfce581b6d893318c94530646d9bebf05b280abfcd1bed7dc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-openstack-populator-rhel9@sha256%3A22534de48fae928bfce581b6d893318c94530646d9bebf05b280abfcd1bed7dc?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization\u0026tag=1769034080"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:b5ee12762ea91d7eda83b5e28badc751d1813d09e7b962a2b6d6e3be46b99ecd_amd64",
"product": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:b5ee12762ea91d7eda83b5e28badc751d1813d09e7b962a2b6d6e3be46b99ecd_amd64",
"product_id": "registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:b5ee12762ea91d7eda83b5e28badc751d1813d09e7b962a2b6d6e3be46b99ecd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-ova-provider-server-rhel9@sha256%3Ab5ee12762ea91d7eda83b5e28badc751d1813d09e7b962a2b6d6e3be46b99ecd?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization\u0026tag=1769034080"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:3272d2ec42f5bb575940b8c9b1704e7d8e79a702f6e46d8378e08f1a1177fa15_amd64",
"product": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:3272d2ec42f5bb575940b8c9b1704e7d8e79a702f6e46d8378e08f1a1177fa15_amd64",
"product_id": "registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:3272d2ec42f5bb575940b8c9b1704e7d8e79a702f6e46d8378e08f1a1177fa15_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-populator-controller-rhel9@sha256%3A3272d2ec42f5bb575940b8c9b1704e7d8e79a702f6e46d8378e08f1a1177fa15?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization\u0026tag=1769034083"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9@sha256:45f60e1dbd38452d10c49fe21e679b3847c4837a624a4ea8f6f90cf3c74ab236_amd64",
"product": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9@sha256:45f60e1dbd38452d10c49fe21e679b3847c4837a624a4ea8f6f90cf3c74ab236_amd64",
"product_id": "registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9@sha256:45f60e1dbd38452d10c49fe21e679b3847c4837a624a4ea8f6f90cf3c74ab236_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-validation-rhel9@sha256%3A45f60e1dbd38452d10c49fe21e679b3847c4837a624a4ea8f6f90cf3c74ab236?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization\u0026tag=1769034167"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:8fabdc787bbda9a68c11c3a5cfbd6a7c4a71946ad04df996ab5480203f5858ab_amd64",
"product": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:8fabdc787bbda9a68c11c3a5cfbd6a7c4a71946ad04df996ab5480203f5858ab_amd64",
"product_id": "registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:8fabdc787bbda9a68c11c3a5cfbd6a7c4a71946ad04df996ab5480203f5858ab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-virt-v2v-rhel9@sha256%3A8fabdc787bbda9a68c11c3a5cfbd6a7c4a71946ad04df996ab5480203f5858ab?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization\u0026tag=1769034378"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-vsphere-xcopy-volume-populator-rhel9@sha256:39994efa887e6269f26710c85939dc00241fa898a52db5d6d34f4bf8ca87c39d_amd64",
"product": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-vsphere-xcopy-volume-populator-rhel9@sha256:39994efa887e6269f26710c85939dc00241fa898a52db5d6d34f4bf8ca87c39d_amd64",
"product_id": "registry.redhat.io/migration-toolkit-virtualization/mtv-vsphere-xcopy-volume-populator-rhel9@sha256:39994efa887e6269f26710c85939dc00241fa898a52db5d6d34f4bf8ca87c39d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-vsphere-xcopy-volume-populator-rhel9@sha256%3A39994efa887e6269f26710c85939dc00241fa898a52db5d6d34f4bf8ca87c39d?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization\u0026tag=1769034080"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9@sha256:487ad1c29aa180f6f76a74b87c285363aedcf87dadf00bde599a2ebf3790156d_amd64 as a component of Migration Toolkit for Virtualization 2.9",
"product_id": "Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9@sha256:487ad1c29aa180f6f76a74b87c285363aedcf87dadf00bde599a2ebf3790156d_amd64"
},
"product_reference": "registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9@sha256:487ad1c29aa180f6f76a74b87c285363aedcf87dadf00bde599a2ebf3790156d_amd64",
"relates_to_product_reference": "Migration Toolkit for Virtualization 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:5d385ba67a8d8158790da4511586c190a24a194e2ccb10fcb7182b658a59c624_amd64 as a component of Migration Toolkit for Virtualization 2.9",
"product_id": "Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:5d385ba67a8d8158790da4511586c190a24a194e2ccb10fcb7182b658a59c624_amd64"
},
"product_reference": "registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:5d385ba67a8d8158790da4511586c190a24a194e2ccb10fcb7182b658a59c624_amd64",
"relates_to_product_reference": "Migration Toolkit for Virtualization 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9@sha256:14619f0de60c7891791301fb7e76c047568d0e88b6013e2023bf1a7fbae71a32_amd64 as a component of Migration Toolkit for Virtualization 2.9",
"product_id": "Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9@sha256:14619f0de60c7891791301fb7e76c047568d0e88b6013e2023bf1a7fbae71a32_amd64"
},
"product_reference": "registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9@sha256:14619f0de60c7891791301fb7e76c047568d0e88b6013e2023bf1a7fbae71a32_amd64",
"relates_to_product_reference": "Migration Toolkit for Virtualization 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:22534de48fae928bfce581b6d893318c94530646d9bebf05b280abfcd1bed7dc_amd64 as a component of Migration Toolkit for Virtualization 2.9",
"product_id": "Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:22534de48fae928bfce581b6d893318c94530646d9bebf05b280abfcd1bed7dc_amd64"
},
"product_reference": "registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:22534de48fae928bfce581b6d893318c94530646d9bebf05b280abfcd1bed7dc_amd64",
"relates_to_product_reference": "Migration Toolkit for Virtualization 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle@sha256:f744b3832d6f2232b9dd605ff0ca8934acf279e8f065150d0a170104b290271e_amd64 as a component of Migration Toolkit for Virtualization 2.9",
"product_id": "Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle@sha256:f744b3832d6f2232b9dd605ff0ca8934acf279e8f065150d0a170104b290271e_amd64"
},
"product_reference": "registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle@sha256:f744b3832d6f2232b9dd605ff0ca8934acf279e8f065150d0a170104b290271e_amd64",
"relates_to_product_reference": "Migration Toolkit for Virtualization 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:b5ee12762ea91d7eda83b5e28badc751d1813d09e7b962a2b6d6e3be46b99ecd_amd64 as a component of Migration Toolkit for Virtualization 2.9",
"product_id": "Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:b5ee12762ea91d7eda83b5e28badc751d1813d09e7b962a2b6d6e3be46b99ecd_amd64"
},
"product_reference": "registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:b5ee12762ea91d7eda83b5e28badc751d1813d09e7b962a2b6d6e3be46b99ecd_amd64",
"relates_to_product_reference": "Migration Toolkit for Virtualization 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:3272d2ec42f5bb575940b8c9b1704e7d8e79a702f6e46d8378e08f1a1177fa15_amd64 as a component of Migration Toolkit for Virtualization 2.9",
"product_id": "Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:3272d2ec42f5bb575940b8c9b1704e7d8e79a702f6e46d8378e08f1a1177fa15_amd64"
},
"product_reference": "registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:3272d2ec42f5bb575940b8c9b1704e7d8e79a702f6e46d8378e08f1a1177fa15_amd64",
"relates_to_product_reference": "Migration Toolkit for Virtualization 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-rhel9-operator@sha256:b2493c389b48661df00e07d78f5af247f7a8254b88ed0d2cf6c29813bb63d802_amd64 as a component of Migration Toolkit for Virtualization 2.9",
"product_id": "Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-rhel9-operator@sha256:b2493c389b48661df00e07d78f5af247f7a8254b88ed0d2cf6c29813bb63d802_amd64"
},
"product_reference": "registry.redhat.io/migration-toolkit-virtualization/mtv-rhel9-operator@sha256:b2493c389b48661df00e07d78f5af247f7a8254b88ed0d2cf6c29813bb63d802_amd64",
"relates_to_product_reference": "Migration Toolkit for Virtualization 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9@sha256:45f60e1dbd38452d10c49fe21e679b3847c4837a624a4ea8f6f90cf3c74ab236_amd64 as a component of Migration Toolkit for Virtualization 2.9",
"product_id": "Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9@sha256:45f60e1dbd38452d10c49fe21e679b3847c4837a624a4ea8f6f90cf3c74ab236_amd64"
},
"product_reference": "registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9@sha256:45f60e1dbd38452d10c49fe21e679b3847c4837a624a4ea8f6f90cf3c74ab236_amd64",
"relates_to_product_reference": "Migration Toolkit for Virtualization 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:8fabdc787bbda9a68c11c3a5cfbd6a7c4a71946ad04df996ab5480203f5858ab_amd64 as a component of Migration Toolkit for Virtualization 2.9",
"product_id": "Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:8fabdc787bbda9a68c11c3a5cfbd6a7c4a71946ad04df996ab5480203f5858ab_amd64"
},
"product_reference": "registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:8fabdc787bbda9a68c11c3a5cfbd6a7c4a71946ad04df996ab5480203f5858ab_amd64",
"relates_to_product_reference": "Migration Toolkit for Virtualization 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/migration-toolkit-virtualization/mtv-vsphere-xcopy-volume-populator-rhel9@sha256:39994efa887e6269f26710c85939dc00241fa898a52db5d6d34f4bf8ca87c39d_amd64 as a component of Migration Toolkit for Virtualization 2.9",
"product_id": "Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-vsphere-xcopy-volume-populator-rhel9@sha256:39994efa887e6269f26710c85939dc00241fa898a52db5d6d34f4bf8ca87c39d_amd64"
},
"product_reference": "registry.redhat.io/migration-toolkit-virtualization/mtv-vsphere-xcopy-volume-populator-rhel9@sha256:39994efa887e6269f26710c85939dc00241fa898a52db5d6d34f4bf8ca87c39d_amd64",
"relates_to_product_reference": "Migration Toolkit for Virtualization 2.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9@sha256:487ad1c29aa180f6f76a74b87c285363aedcf87dadf00bde599a2ebf3790156d_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9@sha256:14619f0de60c7891791301fb7e76c047568d0e88b6013e2023bf1a7fbae71a32_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:22534de48fae928bfce581b6d893318c94530646d9bebf05b280abfcd1bed7dc_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle@sha256:f744b3832d6f2232b9dd605ff0ca8934acf279e8f065150d0a170104b290271e_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:b5ee12762ea91d7eda83b5e28badc751d1813d09e7b962a2b6d6e3be46b99ecd_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:3272d2ec42f5bb575940b8c9b1704e7d8e79a702f6e46d8378e08f1a1177fa15_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-rhel9-operator@sha256:b2493c389b48661df00e07d78f5af247f7a8254b88ed0d2cf6c29813bb63d802_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9@sha256:45f60e1dbd38452d10c49fe21e679b3847c4837a624a4ea8f6f90cf3c74ab236_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:8fabdc787bbda9a68c11c3a5cfbd6a7c4a71946ad04df996ab5480203f5858ab_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-vsphere-xcopy-volume-populator-rhel9@sha256:39994efa887e6269f26710c85939dc00241fa898a52db5d6d34f4bf8ca87c39d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:5d385ba67a8d8158790da4511586c190a24a194e2ccb10fcb7182b658a59c624_amd64"
],
"known_not_affected": [
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9@sha256:487ad1c29aa180f6f76a74b87c285363aedcf87dadf00bde599a2ebf3790156d_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9@sha256:14619f0de60c7891791301fb7e76c047568d0e88b6013e2023bf1a7fbae71a32_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:22534de48fae928bfce581b6d893318c94530646d9bebf05b280abfcd1bed7dc_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle@sha256:f744b3832d6f2232b9dd605ff0ca8934acf279e8f065150d0a170104b290271e_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:b5ee12762ea91d7eda83b5e28badc751d1813d09e7b962a2b6d6e3be46b99ecd_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:3272d2ec42f5bb575940b8c9b1704e7d8e79a702f6e46d8378e08f1a1177fa15_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-rhel9-operator@sha256:b2493c389b48661df00e07d78f5af247f7a8254b88ed0d2cf6c29813bb63d802_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9@sha256:45f60e1dbd38452d10c49fe21e679b3847c4837a624a4ea8f6f90cf3c74ab236_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:8fabdc787bbda9a68c11c3a5cfbd6a7c4a71946ad04df996ab5480203f5858ab_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-vsphere-xcopy-volume-populator-rhel9@sha256:39994efa887e6269f26710c85939dc00241fa898a52db5d6d34f4bf8ca87c39d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-26T18:31:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\n https://docs.redhat.com/en/documentation/migration_toolkit_for_virtualization/2.9/html-single/migrating_your_virtual_machines_to_red_hat_openshift_virtualization/index#assembly_upgrading-uninstalling-mtv_mtv",
"product_ids": [
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:5d385ba67a8d8158790da4511586c190a24a194e2ccb10fcb7182b658a59c624_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1248"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9@sha256:487ad1c29aa180f6f76a74b87c285363aedcf87dadf00bde599a2ebf3790156d_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:5d385ba67a8d8158790da4511586c190a24a194e2ccb10fcb7182b658a59c624_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9@sha256:14619f0de60c7891791301fb7e76c047568d0e88b6013e2023bf1a7fbae71a32_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:22534de48fae928bfce581b6d893318c94530646d9bebf05b280abfcd1bed7dc_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle@sha256:f744b3832d6f2232b9dd605ff0ca8934acf279e8f065150d0a170104b290271e_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:b5ee12762ea91d7eda83b5e28badc751d1813d09e7b962a2b6d6e3be46b99ecd_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:3272d2ec42f5bb575940b8c9b1704e7d8e79a702f6e46d8378e08f1a1177fa15_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-rhel9-operator@sha256:b2493c389b48661df00e07d78f5af247f7a8254b88ed0d2cf6c29813bb63d802_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9@sha256:45f60e1dbd38452d10c49fe21e679b3847c4837a624a4ea8f6f90cf3c74ab236_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:8fabdc787bbda9a68c11c3a5cfbd6a7c4a71946ad04df996ab5480203f5858ab_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-vsphere-xcopy-volume-populator-rhel9@sha256:39994efa887e6269f26710c85939dc00241fa898a52db5d6d34f4bf8ca87c39d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9@sha256:487ad1c29aa180f6f76a74b87c285363aedcf87dadf00bde599a2ebf3790156d_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:5d385ba67a8d8158790da4511586c190a24a194e2ccb10fcb7182b658a59c624_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9@sha256:14619f0de60c7891791301fb7e76c047568d0e88b6013e2023bf1a7fbae71a32_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:22534de48fae928bfce581b6d893318c94530646d9bebf05b280abfcd1bed7dc_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle@sha256:f744b3832d6f2232b9dd605ff0ca8934acf279e8f065150d0a170104b290271e_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:b5ee12762ea91d7eda83b5e28badc751d1813d09e7b962a2b6d6e3be46b99ecd_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:3272d2ec42f5bb575940b8c9b1704e7d8e79a702f6e46d8378e08f1a1177fa15_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-rhel9-operator@sha256:b2493c389b48661df00e07d78f5af247f7a8254b88ed0d2cf6c29813bb63d802_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9@sha256:45f60e1dbd38452d10c49fe21e679b3847c4837a624a4ea8f6f90cf3c74ab236_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:8fabdc787bbda9a68c11c3a5cfbd6a7c4a71946ad04df996ab5480203f5858ab_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-vsphere-xcopy-volume-populator-rhel9@sha256:39994efa887e6269f26710c85939dc00241fa898a52db5d6d34f4bf8ca87c39d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9@sha256:487ad1c29aa180f6f76a74b87c285363aedcf87dadf00bde599a2ebf3790156d_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9@sha256:14619f0de60c7891791301fb7e76c047568d0e88b6013e2023bf1a7fbae71a32_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:22534de48fae928bfce581b6d893318c94530646d9bebf05b280abfcd1bed7dc_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle@sha256:f744b3832d6f2232b9dd605ff0ca8934acf279e8f065150d0a170104b290271e_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:b5ee12762ea91d7eda83b5e28badc751d1813d09e7b962a2b6d6e3be46b99ecd_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:3272d2ec42f5bb575940b8c9b1704e7d8e79a702f6e46d8378e08f1a1177fa15_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-rhel9-operator@sha256:b2493c389b48661df00e07d78f5af247f7a8254b88ed0d2cf6c29813bb63d802_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9@sha256:45f60e1dbd38452d10c49fe21e679b3847c4837a624a4ea8f6f90cf3c74ab236_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:8fabdc787bbda9a68c11c3a5cfbd6a7c4a71946ad04df996ab5480203f5858ab_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-vsphere-xcopy-volume-populator-rhel9@sha256:39994efa887e6269f26710c85939dc00241fa898a52db5d6d34f4bf8ca87c39d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:5d385ba67a8d8158790da4511586c190a24a194e2ccb10fcb7182b658a59c624_amd64"
],
"known_not_affected": [
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9@sha256:487ad1c29aa180f6f76a74b87c285363aedcf87dadf00bde599a2ebf3790156d_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9@sha256:14619f0de60c7891791301fb7e76c047568d0e88b6013e2023bf1a7fbae71a32_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:22534de48fae928bfce581b6d893318c94530646d9bebf05b280abfcd1bed7dc_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle@sha256:f744b3832d6f2232b9dd605ff0ca8934acf279e8f065150d0a170104b290271e_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:b5ee12762ea91d7eda83b5e28badc751d1813d09e7b962a2b6d6e3be46b99ecd_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:3272d2ec42f5bb575940b8c9b1704e7d8e79a702f6e46d8378e08f1a1177fa15_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-rhel9-operator@sha256:b2493c389b48661df00e07d78f5af247f7a8254b88ed0d2cf6c29813bb63d802_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9@sha256:45f60e1dbd38452d10c49fe21e679b3847c4837a624a4ea8f6f90cf3c74ab236_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:8fabdc787bbda9a68c11c3a5cfbd6a7c4a71946ad04df996ab5480203f5858ab_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-vsphere-xcopy-volume-populator-rhel9@sha256:39994efa887e6269f26710c85939dc00241fa898a52db5d6d34f4bf8ca87c39d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-26T18:31:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\n https://docs.redhat.com/en/documentation/migration_toolkit_for_virtualization/2.9/html-single/migrating_your_virtual_machines_to_red_hat_openshift_virtualization/index#assembly_upgrading-uninstalling-mtv_mtv",
"product_ids": [
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:5d385ba67a8d8158790da4511586c190a24a194e2ccb10fcb7182b658a59c624_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1248"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9@sha256:487ad1c29aa180f6f76a74b87c285363aedcf87dadf00bde599a2ebf3790156d_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:5d385ba67a8d8158790da4511586c190a24a194e2ccb10fcb7182b658a59c624_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9@sha256:14619f0de60c7891791301fb7e76c047568d0e88b6013e2023bf1a7fbae71a32_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:22534de48fae928bfce581b6d893318c94530646d9bebf05b280abfcd1bed7dc_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle@sha256:f744b3832d6f2232b9dd605ff0ca8934acf279e8f065150d0a170104b290271e_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:b5ee12762ea91d7eda83b5e28badc751d1813d09e7b962a2b6d6e3be46b99ecd_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:3272d2ec42f5bb575940b8c9b1704e7d8e79a702f6e46d8378e08f1a1177fa15_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-rhel9-operator@sha256:b2493c389b48661df00e07d78f5af247f7a8254b88ed0d2cf6c29813bb63d802_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9@sha256:45f60e1dbd38452d10c49fe21e679b3847c4837a624a4ea8f6f90cf3c74ab236_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:8fabdc787bbda9a68c11c3a5cfbd6a7c4a71946ad04df996ab5480203f5858ab_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-vsphere-xcopy-volume-populator-rhel9@sha256:39994efa887e6269f26710c85939dc00241fa898a52db5d6d34f4bf8ca87c39d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9@sha256:487ad1c29aa180f6f76a74b87c285363aedcf87dadf00bde599a2ebf3790156d_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:5d385ba67a8d8158790da4511586c190a24a194e2ccb10fcb7182b658a59c624_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9@sha256:14619f0de60c7891791301fb7e76c047568d0e88b6013e2023bf1a7fbae71a32_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:22534de48fae928bfce581b6d893318c94530646d9bebf05b280abfcd1bed7dc_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle@sha256:f744b3832d6f2232b9dd605ff0ca8934acf279e8f065150d0a170104b290271e_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:b5ee12762ea91d7eda83b5e28badc751d1813d09e7b962a2b6d6e3be46b99ecd_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:3272d2ec42f5bb575940b8c9b1704e7d8e79a702f6e46d8378e08f1a1177fa15_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-rhel9-operator@sha256:b2493c389b48661df00e07d78f5af247f7a8254b88ed0d2cf6c29813bb63d802_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9@sha256:45f60e1dbd38452d10c49fe21e679b3847c4837a624a4ea8f6f90cf3c74ab236_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:8fabdc787bbda9a68c11c3a5cfbd6a7c4a71946ad04df996ab5480203f5858ab_amd64",
"Migration Toolkit for Virtualization 2.9:registry.redhat.io/migration-toolkit-virtualization/mtv-vsphere-xcopy-volume-populator-rhel9@sha256:39994efa887e6269f26710c85939dc00241fa898a52db5d6d34f4bf8ca87c39d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
}
]
}
GHSA-554W-WPV2-VW27
Vulnerability from github – Published: 2025-11-26 22:08 – Updated: 2025-11-26 22:08
VLAI?
Summary
node-forge has ASN.1 Unbounded Recursion
Details
Summary
An Uncontrolled Recursion (CWE-674) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs.
Details
An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.
Impact
This vulnerability enables an unauthenticated attacker to reliably crash a server or client using node-forge for TLS connections or certificate parsing.
This vulnerability impacts the ans1.fromDer function in node-forge before patched version 1.3.2.
Any downstream application using this component is impacted. These components may be leveraged by downstream applications in ways that enable full compromise of availability.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "node-forge"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66031"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-26T22:08:37Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\nAn Uncontrolled Recursion (CWE-674) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs.\n\n### Details\n\nAn ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge `asn1.fromDer` function within `forge/lib/asn1.js`. The ASN.1 DER parser implementation (`_fromDer`) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw `RangeError: Maximum call stack size exceeded`, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.\n\n### Impact\n\nThis vulnerability enables an unauthenticated attacker to reliably crash a server or client using node-forge for TLS connections or certificate parsing.\n\nThis vulnerability impacts the ans1.fromDer function in `node-forge` before patched version `1.3.2`. \n\nAny downstream application using this component is impacted. These components may be leveraged by downstream applications in ways that enable full compromise of availability.",
"id": "GHSA-554w-wpv2-vw27",
"modified": "2025-11-26T22:08:37Z",
"published": "2025-11-26T22:08:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
},
{
"type": "WEB",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"type": "PACKAGE",
"url": "https://github.com/digitalbazaar/forge"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "node-forge has ASN.1 Unbounded Recursion"
}
FKIE_CVE-2025-66031
Vulnerability from fkie_nvd - Published: 2025-11-26 23:15 - Updated: 2025-12-06 00:22
Severity ?
Summary
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digitalbazaar | forge | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digitalbazaar:forge:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "FCE34820-051A-4D02-AB4B-DB03886D53CF",
"versionEndExcluding": "1.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2."
}
],
"id": "CVE-2025-66031",
"lastModified": "2025-12-06T00:22:18.840",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-11-26T23:15:49.397",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
MSRC_CVE-2025-66031
Vulnerability from csaf_microsoft - Published: 2025-11-02 00:00 - Updated: 2025-12-04 14:36Summary
node-forge ASN.1 Unbounded Recursion
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66031 node-forge ASN.1 Unbounded Recursion - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-66031.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "node-forge ASN.1 Unbounded Recursion",
"tracking": {
"current_release_date": "2025-12-04T14:36:01.000Z",
"generator": {
"date": "2025-12-04T20:04:19.042Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-66031",
"initial_release_date": "2025-11-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-11-29T01:03:13.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-12-02T01:35:26.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2025-12-04T14:36:01.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 reaper 3.1.1-19",
"product": {
"name": "\u003ccbl2 reaper 3.1.1-19",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 reaper 3.1.1-19",
"product": {
"name": "cbl2 reaper 3.1.1-19",
"product_id": "20124"
}
}
],
"category": "product_name",
"name": "reaper"
},
{
"category": "product_name",
"name": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "azl3 python-tensorboard 2.16.2-6",
"product_id": "2"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.16.2-6 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 reaper 3.1.1-19 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 reaper 3.1.1-19 as a component of CBL Mariner 2.0",
"product_id": "20124-17086"
},
"product_reference": "20124",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-2"
]
}
],
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20124-17086"
],
"known_affected": [
"17086-1"
],
"known_not_affected": [
"17084-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66031 node-forge ASN.1 Unbounded Recursion - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-66031.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-29T01:03:13.000Z",
"details": "3.1.1-21:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"title": "node-forge ASN.1 Unbounded Recursion"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…